Slashdot Mirror
Kerberos Support In OpenSSH
Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks."
Linux has had Kerberos and IPSec for long time, too. This is not a Linux vs. Windows thing, it is about the best way to use Kerberos authentification for SSH.
Jan
Secure IMAP with Kerberos support. :-P
My journal has hot
Moderators on crack again?
Unix systems have had Kerberos forever, via both commercial implementations and the MIT reference implementations. Linux DISTRIBUTIONS largely haven't had them, but that's because of the hassles with US export controls in place until recently. Anyone likely to use Kerberos also knew how to build the MIT reference implementation from scratch, if necessary.
Windows is actually a "Johnny-come-lately" - I had been working on unofficial Debian packages of the MIT Krb5 packages for about 3 years when MS announced Windows would use Kerberos in new products, and as usual they attempted to add their own unpublished proprietary crap to it. I (and many other people) didn't mind them adding add'l field specific to the W2K client model, but there was no need for the initial draconian non-disclosure policies.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
All UNIX and Linux distros should have cleartext protocols disabled by default.
I still use telnet, ftp and even rsh as well and I don't feel insecure about it. Transport-mode IPSec between hosts really helps a lot here...
The "moronic passwords"-issue comes mainly from pop3 and different web-sessions these days. What the world really needs is opportunistic IPSec.
IS is possible to log in to an Active Directory Domain and use those credntials for Kerberos. I am not an expert on this but AFAIK Microsft uses a somewhat bastartized version of Kerberos for Active Directory. I am interested in tusing thos tickets to authenticate with Normal SSH (the Windows version from SSH Labs) from my Windows box. Is this possible?
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
I will paraphrase a quote from Mr Bruce Schneier:
"No matter what security measures you implement, the end users are still the weakest link in the chain."
I think it speaks for itself. Passwords can be brute forced via secure protocols as well. Passwords can be copied from stick-it notes on people's monitors, or from knowing their maiden name.
While cleartext protocols should be disabled, many places use them... a LOT. And while I know SSH can replace most of their functionality, many places have scripts that have been running for years that would need man power to rewrite (even if changing only one line) which makes it difficult for many organizations decide this is a priority.
Heck, I had a hell of a time convincing our organization to move from SSHv1 to SSHv2 due to the man-in-the-middle attacks.
There are other parties interested in Kerberos?
Idol Star Astronomer
i have a mod for putty that can do gssapi+kerberos auth for users. windows client to the linux/unix openssh servers.
we're beta testing (or will start soon) but it works!
respond if you're interested...
...or maybe not.
Yes. Scenario: 500 *nix servers, team of 10 administrators. Solution 1: Each user gets a login created on each machine, and then they login, create an ssh key, and distribute the public key to all other machines. Later, when that person leaves, all those keys and all those user accounts get deleted. (Given, you could use NIS/LDAP/etc to try and alleviate the user-account side of the issue. But you didn't mention that as part of your RSA solution, and note that each of these solutions has potential inherent security problems.) Solution 2: Setup kerberos. Authenticate all users for all machines securely from one location. Add and delete user accounts from one location.
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
The main advantage of using Kerberos for key exchange is the elimination of the known_hosts file, and the tendency for ssh users to accept any
old key offered by the server the first time they connect. This common behavior exposes the user to the risk of man-in-the-middle attacks. If I've tricked your stack into connecting to me instead of the host you thought you were getting, I can spoof both ends of the connection and intercept your traffic in the clear. Also, Kerberos authentication is two-way (server to client AND client to server)
"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers
Well, Pop3 can be fairly secure, pop3 over ssl.
I have my own SMTP & pop3 server, and I have compiled my POP3 daemon with ssl support, and I use outlook to connect, securely on pop3, at least no cleartext password exchange there.
Althought it doesn't change anything in the man-in-the-middle problem.
One problem only, as the SSL certificate has been signed by myself, when outlook reconnect to the server first time it is run, it says the certificate is unknown.
If you're deploying SSH in an environment that already uses Kerberos, there absolutely is an advantage. GSSAPI external key exchange means that, if you're authenticated to the Kerberos realm, you have tickets that will let you connect to any other machine in the realm (or in a trusted realm) without having to do out-of-band verification of the RSA key's fingerprint.
With traditional RSA key authentication in SSH, the security of the SSH connection requires that either the user is diligent enough to check every new RSA fingerprint when it pops up, or that the site admin has stored all of the machine fingerprints in /etc/ssh/ssh_known_hosts. With Kerberos, mutual authentication is done for you. This is a very big advantage for anyone with a lot of machines, particularly if Kerberos is in use anyway.
I am unable to get to the article (slashdotted) but there is an already existing GSSAPI patch for OpenSSH here: patch.
.. is two doors down on the left.
$ find
Kerberos authentication has been in openssh for a while, IIRC. What openssh lacks is kerberos ticket passing. Authentication works by validating your kerberos ticket against a KDC, or validating your password against the KDC. #2 has been there. I believe #1 has as well. Ticket passing allows your ticket to be forwarded to the next server, so you can *again* login in to another system. If you don't pass tickets, you need to kinit on each system before you can ssh.
And BTW, kerberos 5 sysadmins can disable non-encrypted services, so rsh/rlogin/telnet/ftp/etc can mandate encryption or fail the connections.