Hi,

I find myself in rather interesting situation.
I need to securely login to remote system over SSH, without knowing the fingerprint in advance.
In addition, the fingerprint changes every time the machine is rebooted.
(It's live rescue system, so no persistence there).

I can access the machine over serial port over already trusted connection, but only after I run agetty on the serial port, and to run agetty I need to first login over SSH, which at this point is not yet secure.

My first idea was to:
1) login over SSH accepting whichever fingerprint it was,
2) start agetty on serial port,
3) login over serial port and then verify the fingerprint.

But this scenario, however unlikely, is susceptible to MITM.

Do you have any idea what would be the best way to do it in the above conditions?

Thanks in advance!

--
Best regards,
Andrzej Telszewski

As to the first part - If you want to accept the fingerprint you can do this:

Hi,

That's not a problem, but good to learn another command.

--
Best regards,
Andrzej Telszewski

Which live rescue system is it?

If this is really important, you might consider remastering the live system in order to have static fingerprints so you don't have to trust a different set of host keys everytime you connect.

If you are not willing to remaster the system, you can use a gateway system placed in the same network as the live system you want to access. If such network is really secure, you can ssh into the gateway system (accepting its static host keys, that don't change) and then ssh from it into the live system (since the network is supposedly secure, you can accept any fingerprint it offers). The obvious problem is that a network you consider secure might not be so for different reasons.

Hi,

Something based on Ubuntu 14.04.

Unfortunately, I don't have any of the possibilities.
What I described in my initial post, is all I have.

--
Best regards,
Andrzej Telszewski

Hi,

It turned out that I can actually push my public key over secure connection.
Then I can connect using public key authentication; still I can't ensure the host key authenticity.

Per SSH Man-in-the-Middle Attack and Public-Key Authentication Method, MITM is not possible, when using pubkey.

So am I safe to connect?

--
Best regards,
Andrzej Telszewski

A possible alternative would be to setup the live rescue system so that when it is booted, it creates a reverse SSH tunnel to your local system. Then you could connect back from your local system to the remote live rescue system.

Hi,

I don't have possibility to change the rescue system in any way.

--
Best regards,
Andrzej Telszewski

Hi,

After thinking the matter through, I came to the conclusion that it would be possible to connect securely, but it's actually not possible in my case.

My reasoning was the following:
1. I connect (without knowing server's host key fingerprint) using previously pushed public key.
2. I start agetty on serial port.
3. I login over serial port.
4. I verify the host's key.

If I understand correctly the operation of public key in SSH, in the scenario described above, the attacker would be able to only return junk to me, but he is actually not able to execute commands on the server. He could only pass my genuine commands to the server or nothing at all. So if I was able to start agetty on serial port, it would be secure console.

Unfortunately, using public key, I can only login as regular user into this particular machine and regular user is not able to start agetty.
To start agetty, I have to become root. For that I would have to use sudo and type my password.
And the password could be captured by the attacker.

Bummer.

--
Best regards,
Andrzej Telszewski

I don't think that "agetty over a (physical) serial port" can ever be made "secure" in this way.

But even an unencrypted protocol can be secure if it is forced to pass [only] through an [Open]VPN connection that is properly secured using one-of-a-kind certificates. If a daemon (even "telnet") is only listening to the OpenVPN virtual network and is not listening to the "outside," unencrypted communication by that daemon will be secured by the OpenVPN tunnel through which it is forced to pass. (Just be very sure that this is what it's really doing!)

Hi,

Why not? I have secure access to the serial port. The only problem is that agetty is not started automatically for it.

Remember what are my limitations with this particular server ;-/

--
Best regards,
Andrzej Telszewski

... then why is there not a agetty daemon running against this port all the time, i.e. at boot?

Hi,

That is the way the provider has configured the rescue OS.
I have no influence over that.

--
Best regards,
Andrzej Telszewski

Hi,

Recapping the situation:

• I am trying to securely connect to SSH server for which I don't and cannot know the host key fingerprint in advance. The fingerprint changes with every reboot.
• I can upload my public key to the server over secure channel (by means of server's management website).
• Based on information found here (SSH Man-in-the-Middle Attack and Public-Key Authentication Method), connecting to unknown SSH server using public key authentication does not allow an attacker (who MITM-s the connection) to execute any commands on the server side. The "only" damage he can cause is to return arbitrary result to the client.

I came up with the following solution.

• I upload my public key (1) that I'm going to use for login.
• I upload freshly generated public key (2).
• I login using key (1).
• I do cat authorized_keys on the server. If I find key (2) there, I know I'm connected to the the correct system.

My reasoning is that the attacker cannot know key (2) in advance, so even if he knew my strategy, he is not able to produce the cat output I expect.

Does it sound as correct solution?

Thanks in advance!

--
Best regards,
Andrzej Telszewski

Assuming the key upload channel is secure, and that MITM pubkey analysis is correct (I haven't completely digested it yet, but at first glance it looks okay), your solution should prevent getting fooled by a fake server.