Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
View Poll Results: Would you feel safe sharing you ssh pub key?
Yes, I would share it with the world.
8
42.11%
Sort of. I would share it on an intranet, but not the internet.
1
5.26%
Yes, I already share one with the world.
1
5.26%
I already share one on an intranet. (can be combined with option 1.)
1
5.26%
No. Wether it's is presumed safe or not, the answer is no.
8
42.11%
Multiple Choice Poll. Voters: 19. You may not vote on this poll
For my company, I would like to add a page to our internal wiki that everyone could append their ssh pub keys to. The idea is when developer D needs access to one of admin A's machines he asks to have a user created. When A does this, he usually responds with, "Done. Your password is 'password' please change it." I would like to have A create the user and paste the ssh pubkey from the wiki into ~D/.ssh/authorized_keys2 so that password doesn't even come into play.
So, with that said:
Is it safe to share your public ssh keys?
Sure, putting this on an internal wiki provides a certain level of security. But how safe is it?
If I were to paste my pub key right here on LQ dot org, how could that be used against me?
This question is probably for the l33t-est of crypto buffs, but I'd also like to hear of any cases that anybody has about doing this. I want to know just how public, public keys have been (or can be) made.
As per the manpages for sshd(8) the pubkey contents are not highly sensitive. So the short answer is that the setup you're describing is probably ok. The biggest danger I see with it (and this could be a serious problem depending on your situation) is a user mistakenly posting their private key.
P.S. No, I would not share my ssh rsa/dsa pubkey with the world. Unlike gpg public keys, there is no good reason to do so. (And I'm that paranoid.)
As per the manpages for sshd(8) the pubkey contents are not highly sensitive. So the short answer is that the setup you're describing is probably ok. The biggest danger I see with it (and this could be a serious problem depending on your situation) is a user mistakenly posting their private key.
P.S. No, I would not share my ssh rsa/dsa pubkey with the world. Unlike gpg public keys, there is no good reason to do so. (And I'm that paranoid.)
Well, one other possibility is that someone finds your pub key and decides to social engineer you. They find out that you regularly ssh into example.com. They decide to register a few fat finger versions of that domain and point it to a honey pot, which you eventually hit. You don't notice the warning that forces you to type 'yes' to except the finger print of the new machine (Hello!?!?). And once you get logged in, the first thing you do use sudo, which prompts you for your password... This is so highly unlikely, that quite frankly, I don't think it's worth considering.
Definitely that's worth considering. I think this will come down to how secure your data / services need to be. If there is zero tolerance for this being a potential security hole, it may not be worth it.
As a side comment: the openssh client (by default, via StrictHostKeyChecking) won't even let you authenticate if the fingerprint does not match. I believe I've seen Windows clients that do what you're describing -- i.e. allow you to click 'yes' to continue anyway.
Definitely that's worth considering. I think this will come down to how secure your data / services need to be. If there is zero tolerance for this being a potential security hole, it may not be worth it.
As a side comment: the openssh client (by default, via StrictHostKeyChecking) won't even let you authenticate if the fingerprint does not match. I believe I've seen Windows clients that do what you're describing -- i.e. allow you to click 'yes' to continue anyway.
No, I'm not talking about the fingerprint mismatch/man in the middle alert. I mean the thing that happens when you try to shell into a host that is not in your ~/.ssh/known_hosts file. Like what happens the very first time you try to connect to a new machine.
As demonstrated by:
Code:
rbronosky@ubuntu:~$ sed -i '/dev1/d' .ssh/known_hosts
rbronosky@ubuntu:~$ # That removed the 'dev1' entry, making it look like I have never been there.
rbronosky@ubuntu:~$ ssh dev1
The authenticity of host 'dev1 (10.10.10.52)' can't be established.
RSA key fingerprint is b4:14:04:b5:48:7f:5d:1a:a8:e5:eb:0b:0e:f3:c6:41.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dev1,10.10.10.52' (RSA) to the list of known hosts.
Last login: Thu May 24 13:55:41 2007 from ubuntu
rbronosky@dev1:~$
ssh-dss AAAAB3NzaC1kc3MAAACBAPhWqqLb+HDmtKHJBipcZ4BvqnYNVbKF7drJm0HP2RVj7uVJtnyUaOqZZYOjyXoRW5xsuj6DRPenoCaPZZv7cGn7fjDz60Iqm3P4zgrHqEl6h4qkzH/k6D7b1s8QRCngmvowo8YMA7NX4mPhiyWmBJWETUizKyz5kBLNfrJzqq/FAAAAFQDfqh6lzJLoRaYdt77a8sQ/wwMfyQAAAIEA9ri1OXfbv+vBEvgEkDO5ouqcsekSwYMb/AQ6EnwYv0El5z+HULlnsvq1PAeGR/fxlnT2mLBHXaQqG1kPQIcPtVON8JOjBWJhAMKzWtGlyWoZ/iX8lGV6GFzNsp1wKnoUBvKoNOv8v4EJN2IOb1NyDHxpuVN8UDH7J+BV5soqdqAAAACARTJzGl0eobdJM/4VivzqeRHIhsa7mtxcNPYImS0QBi4PPEGxCd4GrM2LbIO8tm3dMCmTIlQDJcjbfxP+IOgRAJPJcwZDknQLncDvatnNaJJ41VddMDBCoTvFSB9IOp0hrN0lhtE7LGs30OvShMFpzmT4cLfaPKx5ceW9yabQdYQ= Brian Ronald
As you can see, I'm quite happy to share it globally. I'm comfortable with my understanding of public key cryptography, and I understand that it's highly unlikely that my secret key can ever be derived from this public key.
I always check the host fingerprint of a machine to which I'm connecting. If I'm prompted to check a print on a machine I use regularly, I check it out - usually by some non-ssh means of contact.
As long as you understand what you're doing, it's very safe. Just like a lot of things in life. (-:
It is quite reasonable to allow users to provide their public keys to you, and you to them, as a means of identifying each of you.
But I would not arrange a system so that your user's public keys are unnecessarily exposed to each other, that is to say without their knowledge or consent.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
