[Gllug] Selective SSH logins

[Daniel P. Berrange]

On Tue, Aug 26, 2008 at 07:26:13PM +0100, John Edwards wrote:
> On Tue, Aug 26, 2008 at 06:35:52PM +0100, Jose Luis Martinez wrote:
> > 2008/8/26 Daniel P. Berrange <dan at berrange.com>:
> >  <snip>
> > 
> >> And if you have  NFS home directories, and aren't requiring Keberized NFS
> >> clients, then SSH keys are worse than useless thanks to NFS' complete lack
> >> of a security model (ie it trusts clients to be truthful wrt to UIDs). And
> >> if you are requiring Kerberized NFS, then you can just use GSSAPI logins
> >> anyway, so don't need SSH keys.  SSH keys + NFS home dirs == recipe for
> >> disaster.  Of course non-Kerberized NFS + password login is no better
> > 
> > In a previous job of mine NFS + ssh keys was a grave offence that
> > could lead to dismissal, a justified policy if you ask me.
> 
> Even when protected by a passphrase?

You've just answered your own question....

> There's a lot worse that can happen when you share your home
> directory over NFS, such as adding things to .bashrc, for 
> example a key logging shell which will capture your passwords.

...right here.

Trivial to add something to .bashrc that will capture your
passphrase when you enter it with ssh-agent, or on-demand
at time of connection.

Daniel
-- 
|: http://berrange.com/     -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://freshmeat.net/~danielpb/    -o-   http://gtk-vnc.sourceforge.net :|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20080826/984562db/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug