Kerberos Support In OpenSSH

← Back to Stories (view on slashdot.org)

Posted by Hemos on Monday June 30, 2003 @01:35AM from the broader-support-a-good-thing dept.

Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks."

25 of 122 comments (clear)

RSA? by paranode · 2003-06-30 01:44 · Score: 3, Insightful

Is there any advantage to using this over the already-usable RSA key authentication in SSH?
1. Re:RSA? by Mark+Bainter · 2003-06-30 02:14 · Score: 5, Insightful
  
  Yes. Scenario: 500 *nix servers, team of 10 administrators. Solution 1: Each user gets a login created on each machine, and then they login, create an ssh key, and distribute the public key to all other machines. Later, when that person leaves, all those keys and all those user accounts get deleted. (Given, you could use NIS/LDAP/etc to try and alleviate the user-account side of the issue. But you didn't mention that as part of your RSA solution, and note that each of these solutions has potential inherent security problems.) Solution 2: Setup kerberos. Authenticate all users for all machines securely from one location. Add and delete user accounts from one location.
  
  --
  "No nation could preserve its freedom in the midst of continual warfare."
  --James Madison
2. Re:RSA? by hbo · 2003-06-30 02:16 · Score: 5, Informative
  
  The main advantage of using Kerberos for key exchange is the elimination of the known_hosts file, and the tendency for ssh users to accept any
  old key offered by the server the first time they connect. This common behavior exposes the user to the risk of man-in-the-middle attacks. If I've tricked your stack into connecting to me instead of the host you thought you were getting, I can spoof both ends of the connection and intercept your traffic in the clear. Also, Kerberos authentication is two-way (server to client AND client to server)
  
  --
  "Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers
3. Re:RSA? by The+Vorlon · 2003-06-30 02:44 · Score: 4, Informative
  
  If you're deploying SSH in an environment that already uses Kerberos, there absolutely is an advantage. GSSAPI external key exchange means that, if you're authenticated to the Kerberos realm, you have tickets that will let you connect to any other machine in the realm (or in a trusted realm) without having to do out-of-band verification of the RSA key's fingerprint.
  
  With traditional RSA key authentication in SSH, the security of the SSH connection requires that either the user is diligent enough to check every new RSA fingerprint when it pops up, or that the site admin has stored all of the machine fingerprints in /etc/ssh/ssh_known_hosts. With Kerberos, mutual authentication is done for you. This is a very big advantage for anyone with a lot of machines, particularly if Kerberos is in use anyway.
ssh and telnet by ih8apple · 2003-06-30 01:47 · Score: 3, Interesting

To avoid moronic passwords being captured over cleartext telnet or ftp sessions, I think telnet and ftp should be disabled across the world with very limited exceptions. All UNIX and Linux distros should have cleartext protocols disabled by default. Once one account is comprised, the rest of a system usually goes very easily. Regardless of adding Kerberos support in OpenSSH, any kind of ssh or sftp connection immediately improves the worldwide crackability situation. (and yes, I just made up the word crackability=ease of access for crackers)

--

Why do I h8 apple?
1. Re:ssh and telnet by Surak · 2003-06-30 01:54 · Score: 4, Insightful
  
  Secure IMAP with Kerberos support. :-P
  
  --
  My journal has hot /. gossip.
2. Re:ssh and telnet by lysander · 2003-06-30 01:56 · Score: 3, Informative
  
  there exists kerberos authenticated SMTP and also kerberos authenticated POP (KPOP). both are in use at MIT, but the former is a relatively new service.
  
  --
  GET YOUR WEAPONS READY! --DR.LIGHT
3. Re:ssh and telnet by jarkko · 2003-06-30 01:57 · Score: 5, Insightful
  
  All UNIX and Linux distros should have cleartext protocols disabled by default.
  
  I still use telnet, ftp and even rsh as well and I don't feel insecure about it. Transport-mode IPSec between hosts really helps a lot here...
  
  The "moronic passwords"-issue comes mainly from pop3 and different web-sessions these days. What the world really needs is opportunistic IPSec.
4. Re:ssh and telnet by isa-kuruption · 2003-06-30 02:04 · Score: 5, Insightful
  
  I will paraphrase a quote from Mr Bruce Schneier:
  
  "No matter what security measures you implement, the end users are still the weakest link in the chain."
  
  I think it speaks for itself. Passwords can be brute forced via secure protocols as well. Passwords can be copied from stick-it notes on people's monitors, or from knowing their maiden name.
  
  While cleartext protocols should be disabled, many places use them... a LOT. And while I know SSH can replace most of their functionality, many places have scripts that have been running for years that would need man power to rewrite (even if changing only one line) which makes it difficult for many organizations decide this is a priority.
  
  Heck, I had a hell of a time convincing our organization to move from SSHv1 to SSHv2 due to the man-in-the-middle attacks.
5. Re:ssh and telnet by ave19 · 2003-06-30 02:38 · Score: 3, Insightful
  
  Would it be more accurate to say, you wish to see all cleartext services disabled by default? Since ftp, telnet, rlogin, etc. all have ciphered, non-cleartext authentication methods with mutual authentication?
  
  Where I work, we allow kerberized telnet, but not cleartext telnet. Same for ftp.
  
  -ave
  
  --
  ...or maybe not.
6. Re:ssh and telnet by iabervon · 2003-06-30 04:23 · Score: 3, Insightful
  
  You really mean cleartext authentication, not cleartext protocols. Cleartext ftp is fine for anonymous downloads; cleartext HTTP is fine so long as you don't use passwords or authentication cookies (note that you and I are both posting in violation of what we're saying. But anyway...); cleartext telnet is fine for rainmaker.wunderground.com; and so forth.
  
  I find it odd that systems package together telnet (a nice wrapper for TCP, with a few extra features; very useful for a number of things, including getting the weather) with telnetd (a program for providing shell access to attackers, simply based on the few extra features over TCP. Similarly ssh and sshd. Programs that make connections are very different from programs that provide shell access.
  
  Personally, I think Linux distros should have remote login disabled by default. Anyone who actually wants it will know how to enable it, and will hopefully pick a sane protocol to use to do so.
Re:Time for Linux to catch up? by tempmpi · 2003-06-30 01:50 · Score: 4, Insightful

Linux has had Kerberos and IPSec for long time, too. This is not a Linux vs. Windows thing, it is about the best way to use Kerberos authentification for SSH.

--
Jan
Re:Time for Linux to catch up? by coyote-san · 2003-06-30 01:55 · Score: 4, Informative

Moderators on crack again?

Unix systems have had Kerberos forever, via both commercial implementations and the MIT reference implementations. Linux DISTRIBUTIONS largely haven't had them, but that's because of the hassles with US export controls in place until recently. Anyone likely to use Kerberos also knew how to build the MIT reference implementation from scratch, if necessary.

Windows is actually a "Johnny-come-lately" - I had been working on unofficial Debian packages of the MIT Krb5 packages for about 3 years when MS announced Windows would use Kerberos in new products, and as usual they attempted to add their own unpublished proprietary crap to it. I (and many other people) didn't mind them adding add'l field specific to the W2K client model, but there was no need for the initial draconian non-disclosure policies.

--
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Windows 2K/XP and KErberos by tigersha · 2003-06-30 02:03 · Score: 4, Interesting

IS is possible to log in to an Active Directory Domain and use those credntials for Kerberos. I am not an expert on this but AFAIK Microsft uses a somewhat bastartized version of Kerberos for Active Directory. I am interested in tusing thos tickets to authenticate with Normal SSH (the Windows version from SSH Labs) from my Windows box. Is this possible?

--
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
1. Re:Windows 2K/XP and KErberos by Anonymous Coward · 2003-06-30 02:13 · Score: 3, Informative
  
  I believe recent Kerberos for Windows distributions from MIT include ms2mit.exe, which you can use to do that conversion.
  
  MIT has single-signon working (the conversion happens automatically) but I don't know if they released the code.
Other parties? by Nissyen · 2003-06-30 02:05 · Score: 5, Funny

...on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication...
There are other parties interested in Kerberos?

--
Idol Star Astronomer
1. Re:Other parties? by finkployd · 2003-06-30 02:33 · Score: 3, Informative
  
  There are other parties interested in Kerberos?
  
  Yeah, most large Universities.
  
  Finkployd
Re:Well that's a start ... but ... by Spyder · 2003-06-30 02:06 · Score: 3, Informative

Yes it is BSD, it's an OpenBSD project.

--
Spyder
kerberos+ssh+putty by ave19 · 2003-06-30 02:10 · Score: 5, Informative

i have a mod for putty that can do gssapi+kerberos auth for users. windows client to the linux/unix openssh servers.

we're beta testing (or will start soon) but it works!

respond if you're interested...

--
...or maybe not.
Re:ssh and telnet, sftp and ftp by Endareth · 2003-06-30 02:18 · Score: 3, Insightful

I think telnet and ftp should be disabled across the world with very limited exceptions. All UNIX and Linux distros should have cleartext protocols disabled by default.

I would agree 100% with this, some *NIX flavours do this already, notable NetBSD and OpenBSD, and I suspect FreeBSD does also, though TBH that's guessing. With SSH available there really is no need that I can think of off hand (I'm sure someone can think up a counter argument) for telnet to still exist, and the only reason for plain ftp to still exist is because all those fully featured ftp clients (download managers, resumers, etc) are implemented with plain ftp instead of sftp. If they are well enough written however, it shouldn't take much effort to re-write these to use sftp instead. While Kerberos is a definate improvement, the difference between telnet and SSH is far huger than the difference between SSH without Kerberos and SSH with Kerberos.

--
Disclaimer: The above comment was made while under the influence of too much coding and not enough sleep.
Re:ssh and telnet - POP3 by drasfr · 2003-06-30 02:33 · Score: 4, Informative

Well, Pop3 can be fairly secure, pop3 over ssl.

I have my own SMTP & pop3 server, and I have compiled my POP3 daemon with ssl support, and I use outlook to connect, securely on pop3, at least no cleartext password exchange there.
Althought it doesn't change anything in the man-in-the-middle problem.
One problem only, as the SSL certificate has been signed by myself, when outlook reconnect to the server first time it is run, it says the certificate is unknown.
There is already a patch by voicebox · 2003-06-30 02:49 · Score: 5, Informative

I am unable to get to the article (slashdotted) but there is an already existing GSSAPI patch for OpenSSH here: patch.
The previous flamefest over this.. by Tuck · 2003-06-30 03:08 · Score: 4, Informative

.. is two doors down on the left.

--
$ find /pub -beer "James Squire Amber Ale" -drink
it's been there for a while by uslinux.net · 2003-06-30 03:09 · Score: 4, Informative

Kerberos authentication has been in openssh for a while, IIRC. What openssh lacks is kerberos ticket passing. Authentication works by validating your kerberos ticket against a KDC, or validating your password against the KDC. #2 has been there. I believe #1 has as well. Ticket passing allows your ticket to be forwarded to the next server, so you can *again* login in to another system. If you don't pass tickets, you need to kinit on each system before you can ssh.

And BTW, kerberos 5 sysadmins can disable non-encrypted services, so rsh/rlogin/telnet/ftp/etc can mandate encryption or fail the connections.
Cussed out in Klingon by sdjunky · 2003-06-30 03:49 · Score: 3, Funny

"draft-ietf-secsh-gsskeyex"

Yeah! Well, your mother!