Home

Tighter SSH Security with Two-Factor Authentication

Issue 152

From Issue #152
December 2006

Dec 01, 2006  By Paul Sery
 in
How to set up two-factor authentication using a USB pendrive and ssh-agent for root logins.
Example 3: Tightening Up

We need to close a potential vulnerability before using this system in the wild.

Using ssh-agent and agent forwarding allows the remote SSH server to query the private key stored on your local computer. However, if you use this system to log in to multiple computers, an intruder on one machine can potentially highjack those keys to break in to another machine. In that case, this system could be more dangerous than one using static passwords.

To illustrate the problem, let's expand our example network from two to three nodes by adding machine3 to the mix. Create key pairs for both bob and root on machine3, as described in Examples 1 and 2, and add root's private key to ssh-agent on machine1.

Now, ssh to machine3 as bob using the agent-forwarding option -A. Run ssh-add -l, and you can see the public keys for both machine2 and machine3: 

   2048 fa:5c:4b:73:88:...: ... /media/usbdisk/key-rsa-root@machine2 (RSA)
   2048 26:b6:e3:99:c1:...: ... /media/usbdisk/key-rsa-root@machine3 (RSA)

In this example, ssh-agent on machine1 caches the private keys for machine2 and machine3. This single agent allows us to log in as root on either computer. However, using the single agent also potentially allows an intruder on machine2 to log in as root on machine3 and vice versa. This is not good.

Fortunately, we can fix this problem by using the ssh-add -c option; we can add additional security by using individual ssh-agent instances to store one root key for each remote machine. The -c option tells ssh-agent to have the user confirm each use of a cached key. Devoting one ssh-agent instance per host prevents any as yet unknown ssh-agent vulnerability from exposing one machine's key to another.

Using the ssh-add confirm option is easy; simply set the -c option whenever adding a key to ssh-agent. Let's give it a try. Start two agents on machine1, specifiying predefined sockets: 

   ssh-add -c /media/usbdisk/key-rsa-root@machine2
   ssh-add -c /media/usbdisk/key-rsa-root@machine3

You'll be asked to confirm use of the key when you ssh to machine2 and machine3.

You also can use separate ssh-agents to store each key. Let's give it a try; start two agents on machine1, specifying predefined sockets: 

   ssh-agent -a /tmp/ssh-agent-root@machine2
   ssh-agent -a /tmp/ssh-agent-root@machine3

Once again, I'm using an arbitrary yet descriptive naming convention. Set the environmental variable, and add the key for machine2: 

   export SSH_AUTH_SOCK=/tmp/ssh-agent-root@machine2
   ssh-add -c /media/usbdisk/key-rsa-root@machine2

Repeat this process for machine3, making the appropriate substitutions: 

   export SSH_AUTH_SOCK=/tmp/ssh-agent-root@machine3
   ssh-add -c /media/usbdisk/key-rsa-root@machine3

Now, log in to machine3 (we'll go to machine3 at this point as we just set the SSH_AUTH_SOCK variable to point to machine3's agent): 

   ssh -A -i /media/usbdisk/key-rsa-bob@machine2 bob@machine3

Run the following command to see what keys you can query on machine1: 

   ssh-add -l

You see only the key for root on machine3.

Exit from machine3, change the environmental variable to the machine2 ssh-agent socket, and log in to machine2: 

   export SSH_AUTH_SOCK=/tmp/ssh-agent-root@machine2
   ssh -A -i /media/usbdisk/key-rsa-bob@machine2 bob@machine2

Check your keys again: 

   ssh-add -l

Checking your keys on machine2 and machine3 reveals only the root key for that machine. In the previous example, by using a single ssh-agent, you would have seen the keys for both machine2 and machine3.

Using separate ssh-agent instances for each machine you log in to requires more work.

Resetting the SSH_AUTH_SOCK variable every time you want to log in to another machine is impractical. To simplify the process, I've written a simple script tfssh (two-factor ssh) to simplify the process. Its syntax is: 

   tfssh [username@]host [keydir]

The script [Listing 1 on the LJ FTP site at ftp.linuxjournal.com/pub/lj/listings/issue152/8957.tgz] starts ssh-agent when necessary, sets the environmental variable, adds the root keys to ssh-agent and logs in to the remote machine as the user. You also can tell tfssh to look in an arbitrary directory ([keydir]) for its keys and also set a key timeout for the key cache.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Two-Factor ssh

Mike Kachline's picture
Submitted by Mike Kachline (not verified) on Fri, 01/29/2010 - 17:47.

Agree with Nicholas above. An ssh key + "passphrase" is indeed, not "two-factor" because, as he mentioned, the presence of a passphrase is never validated on the server.

Furthermore, an ssh key (something you have) which is stored onto a USB thumb drive (something you have) is still, technically speaking, single factor authentication. Much like requiring multiple "chained" passwords is still single-factor authentication.

A possible workaround is to use an SSH key which "forces" a command of "sudo /bin/login". By doing so, one would first authenticate with the SSH key (something you have), and then need to authenticate through the "regular" PAM stack (Something you know.) This has the added bonus that the "pam stack" authentication would enforce other rules such as password complexity, fail counts, and so forth.

This is single factor, not two factor authentication

Nicholas Sushkin's picture
Submitted by Nicholas Sushkin (not verified) on Tue, 12/08/2009 - 12:49.

Paul,

RSA key authentication is a single factor authentication. The server only verifies your RSA key, which is the only authentication factor. The key's passphrase is only relevant for protecting your private key in your client machine. You can set empty passphrase, the server doesn't care.

The authentication would have been two factor, if the server verified both the key and a static password independent of the key.

mv not quite secure :)

witek's picture
Submitted by witek (not verified) on Sun, 04/12/2009 - 20:17.

Don't move cryptokeys using "mv". Use "cp", then "shred" or "wipe".

Excelent article.

White Paper
More Resources
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions