How secure is ssh?

The problem:  at work a group of *nix admins, myself included, are
attempting to "buck the system."  There is an auditing tool being
rolled out that logs into every *nix/linux box (tens of thousands of them)
using a particular user name and authenticating with a passwordless
(nothing in /etc/shadow or /etc/master.passwd, etc.) ssh connection -- the
public ssh key for the username being put in /home/username/.ssh on every
"client."  The account is non-privileged, i.e., no root access -- just a
regular user.

We are attempting to explain that putting the same user account (with a
publicly known user name) on tens of thousands of computers using only one
openssh key as the authentication mechanism while a handful of servers
have the private key for the account -- is a bad idea.

However, while cognizant that the encryption schemes, blowfish, rsa, dsa,
etc. make some difference between one another and are used at different
stages in the handshake and tunnel creation, it would be helpful to be
able to provide some "realistic" numbers on what it would take to crack
just one openssh private key.  A range, for example. If there is someone
here who knows the math, about how many permutations would it take?  If
it's possible, an example on the order of: it would take 100 2.0-Gigahertz
machines, between X and Y seconds/minutes/days (I really have no clue as
to the complexity involved, so perhaps years would be more appropriate
than seconds) to crack the private key, by brute force -- something a
manager can understand  :-).

The idea being, if someone did ever crack that one openssh 3.7x private
key, that someone would now have a login account on tens of thousands of
computers, an enormous flaw, IMHO.


Jim Bottino

/"\ ASCII Ribbon Campaign
\ /     Against HTML    
 X    in e-mail & news  
/ \ jim %$# bottino ELIPSIS com

Re: How secure is ssh?

Does the auditing tool need full shell access, or can you restrict the
activities that the key is authorized to perform?

Does it need constant access, or can you monitor the clients for
abnormal use of the key?

Personally, 'cracking' a private key sounds like the work of someone
determined to get in.  I would be *much* more concerned about the true
security of the private key rather than the ability to crack it from

What sort of machines have it?
Is the key at least passphrased on them?
If not, does anyone have access to the backup tapes?
How many people have access to the physical machine?

Yup.  Don't forget that you can design a system whereby the keys are
changed every so often.  Such a system would almost make it impossible
to 'crack' the private key in a useful way.  It does nothing about
finding ways of stealing or otherwise obtaining the existing key though.

Darren Dunham                                 
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
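
The reply above asks whether the key can be restricted in what it is authorized to do. As an added example (not part of the original thread), this script audits `authorized_keys` entries for the OpenSSH per-key options `command=`, `from=` and the `no-*` flags, and reports entries that lack them. The collector path, addresses and key blobs in the sample are constructed placeholders.

```python
import re

# Added example: flag authorized_keys entries that lack restrictions.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")    # how key-type fields begin
FLAGS = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
# One option: name, optional ="value" (backslash-escaped quotes allowed), separator.
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|[ \t]+)')

def split_options(line):
    """Split one entry into ({option: value}, 'keytype blob comment')."""
    opts, pos = {}, 0
    while not line.startswith(KEY_PREFIXES, pos):
        m = OPT.match(line, pos)
        if not m:
            break                            # malformed field: stop parsing
        opts[m.group(1).lower()] = m.group(2) or ""  # names are case-insensitive
        pos = m.end()
        if m.group(3) != ",":
            break                            # whitespace ends the options field
    return opts, line[pos:]

def audit(text):
    """Return [(line_no, comment, [missing restrictions])] for weak entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        missing = [k + "=" for k in ("command", "from") if k not in opts]
        missing += sorted(FLAGS - set(opts))
        if missing:
            findings.append((n, " ".join(rest.split()[2:]) or "?", missing))
    return findings

# Constructed sample: placeholder key blobs, documentation-range addresses,
# hypothetical collector path.
SAMPLE = """\
ssh-rsa AAAAPLACEHOLDER1 audit@collector
command="/usr/local/bin/audit-collect",from="192.0.2.10,192.0.2.11",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAPLACEHOLDER2 audit@collector
from="192.0.2.10",no-pty ssh-dss AAAAPLACEHOLDER3 audit@old
"""

if __name__ == "__main__":
    for n, who, missing in audit(SAMPLE):
        print(f"line {n} ({who}): missing {', '.join(missing)}")
```

An entry with no options at all is the case described in the original question: whoever holds the private key gets a full interactive shell from any source address.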
