Slashdot Mirror
Why Aren't We Using SSH For Everything?
An anonymous reader writes: A post at Medium asks why, in this age of surveillance and privacy-related bogeymen, we aren't making greater use of SSH for our secure computing needs?
"SSH is one of the most accessible secure protocols ever, second only to HTTPS of course. Let's see what we have so far: Binary protocol, mandatory encryption, key pinning, multiplexing, compression (yes, it does that too). Aren't these the key features for why we invented HTTP/2?
Admittedly, SSH is missing some pieces. It's lacking a notion of virtual hosts, or being able to serve different endpoints on different hostnames from a single IP address. On the other hand, SSH does have several cool features over HTTP/2 though, like built-in client authentication which removes the need for registration and remembering extra passwords."
"SSH is one of the most accessible secure protocols ever, second only to HTTPS of course. Let's see what we have so far: Binary protocol, mandatory encryption, key pinning, multiplexing, compression (yes, it does that too). Aren't these the key features for why we invented HTTP/2?
Admittedly, SSH is missing some pieces. It's lacking a notion of virtual hosts, or being able to serve different endpoints on different hostnames from a single IP address. On the other hand, SSH does have several cool features over HTTP/2 though, like built-in client authentication which removes the need for registration and remembering extra passwords."
>Admittedly, SSH is missing some pieces
Should read, "Admittedly, SSH is missing some crucial features, that make its use in this context impossible."
Thank you for mentioning it is medium.com on the summary. That's how it should be done, since we hate being click-baited to such websites.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
I use SSH for everything. I use it between my cell phone and the wall charger. I use it between my thermostat and my furnace. Probably most importantly, I use it between my my remote control and TV. Never can be too careful these days.
Better known as 318230.
Recent Snowden documents shed doubt on whether the NSA isn't actually able to crack ssh, too. http://www.spiegel.de/international/germany/a-1010361.html
SSH can be used for virtual hosting environments just fine with things like force-command chrooting automatically when a user logs in based on username or pubkey. The protocol is not hostname aware, so it cannot handle "different hostnames from a single IP", you have to have a different user account name in order to do similar tricks. I do not think that is a limitation though, since you are talking to the underlying system, not to a content serving system like a web server.
I use ssh a lot. and ssl. and s/mime.
no, I don't have a sig
If anything is missing, it's probably only missing on Windows.
Support on Linux and Mac is jut fine, I think.
Windows:
- client support is kind of OK
- virtual filesytem support is kind of OK
The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.
New things are always on the horizon
SSH is nice, but it can be a pain in the ass to set up. This is probably the biggest reason I don't use it often. Of course, if I used it more I probably wouldn't be whining about it being a pain in the ass. However, unless you are constantly admining a lot of *nix machines that are using SSH, one of *nix' strengths can be it's undoing. Every time I set up SSH I have to relearn how to do it from scratch because I've forgotten since the last time I set it up. I had the same issue with ipchains and iptables, and Samba - once you get them working you really don't have to touch them again for years, usually. Great, for sure, but it's longer than my memory is capable of retaining those details.
Are you suggesting creating SSH tunnels connecting everything? Encrypting traffic is a good thing, but I think efficient decentralized hosting is a higher priority. What good is security if it's trivial to attack the end points?
Everyone I work with has SSH+SOCKS set up to a central set of servers, then we reach out from there.
One of the coolest client-side features of most SSH clients (at least OpenSSH and PuTTY support it) is the ability to turn any SSH connection into a SOCKS5 proxy, provided the server will let you. If your Internet connection has a restrictive stateful firewall on it that blocks your access to many useful legitimate sites, you can just stunnel out over TLS and then have the ability to go outbound on any port (including SSH's default port of 22) using your SOCKS5 proxy. I've used RDP over SSH over TLS before to get around restrictive filters.
I know back in 1995 when Cygwin came out it got a reputation of being pretty flakey.
But it's come a long way in the last 2 decades.
These days, pretty much any time you think you have a "hmm, Linux can do this but I don't know how to do it on Windows", Cygwin is probably a very good possibility.
The article is "SSH how does it even?". What the fuck slashdot? How do you mis-judge your audience this badly?
... everything looks like a nail.
It's lacking a notion of virtual hosts
That's a major reason right there. There was a time when some web servers couldn't do virtual hosts with https: well or at all.
That, and the usual reasons why HTTPS etc. aren't used more (server-side overhead, etc.).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
SSH connections take For. Eh. Ver. relatively speaking:
Subsequent requests using the same connection are quick enough:
% time ssh localserver exit ssh localserver exit 0.00s user 0.00s system 20% cpu 0.039 total
But compare to an HTTPS connection to a remote host:
A brand new request to a remote server takes just 263ms, and a second request only 81ms. Considering that the server is 25ms away, that makes it a bit faster than a cached SSH connection to a local machine.
But even more than that, SSH in this context is a transport, not a protocol. It allows you to build and manage secure connections, but you still have to write a protocol on top of it ("I'll send this command, and you reply with..."). Even if you "cheat" and use SFTP, you're still missing out on fixes to the thousands of little issues people have worked out with HTTP over the years. What's the SFTP equivalent of If-Modified-Since? How will redirects to remote servers work? What's your cross-domain scripting policy? How are you going to handle anonymous connections?
Use SSH for SSH. Use HTTP for HTTP. They're separate things for good reasons.
Dewey, what part of this looks like authorities should be involved?
In any event, having automatic browser/server built in support for something like SSH or HTTP/2 is a good thing. It wouldn't be horrible if browsers chose to implement some sort of setup with SSH as well as the HTTP/2 standard, but even that implementation would require some sort of standardization. Cool idea. I think that an Apache plugin for SSH and browser support would be a neat alternative. I mean, that's the thing, right? For everyone to adopt it, it has to be completely transparent. To the point that they don't even really realize they are adopting anything. Including the people installing and maintaining the servers. Not all web servers are admined or set up by geniuses. If the server configuration and set up is too complicated global adoption would fail as well.
I've been wondering for some time now why TLS (SSH) is not integrated into the OS, to extend the TCP/IP stack on a low level.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Why aren't we using SSH to monitor the computer's microphone?
We ARE using SSH to monitor your microphone.
Sincerely,
The [3 characters redacted]
telnet and ftp practically died a while back, http is on the way out. In most corporate environments, other protocols such as X are local only and remote use is over ssh tunnels. IMAP/SMTP takes place over TLS when using decent providers. I guess there is a question of whether SSH and HTTPs should be merged. But a lot of work has been put in both and would be difficult to replicate and make as secure from the start. No hurry.
The only exceptions are organizations with lax security (like Sony apparently) and cases where security or integrity is completely not an issue. I guess if you broadcast a video as unencrypted UDP over a local network, that's fine.
SSH as a protocol was designed for interactive login, and it has some issues when used for other applications. But there is one key aspect of it that needs to break out of SSH, the public key cryptography part.
When creating an account on a web site, rather than entering a User ID and password the browser should generate a public-private pair, and send the public part to the other side. Logins can then be done just like SSH does, with a cryptographic exchange.
The "lost password database" goes away completely. If you got the database on the far end it would only contain public keys, which would not allow logins. The whole "everyone must change their password" nonsense goes away.
So don't force SSH on us, but let's all work to get more public key based logins.
How far /. has fallen.
this article doesn't deserve a dignified discussion its absurd and misguided please don't encourage them further
I think, because only a fraction of 'net users are security conscious.
The rest just use the 'defaults' of their apps and search result links for things like email , online shopping, and online banking, and trust(?) that the people providing the access to their email, online banking, and online shopping, kept them safe.
Uh, Linux geek since 1999.
Why aren't we? Because using ssh doesn't prevent people from posting their private keys to github and being shocked, outraged even, that their entire infrastructure is now compromised?
I see we are recycling reddit posts now
seriously, have you ever tried to get a cert installed properly in J2EE? Node? PHP/Apache? Ever tried to get PGP working right on t-bird?
There is nothing about the process that is straightforward in any way (including the cert signing stuff). Thus, most websites will simply find it easier to not bother. Let those who can pay for experts pay for it, but until expertise becomes "push this button" easy, and still almost free, it isn't worth it for typical web traffic.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
I confused medium.com with the other site that is often the target of /. article links. Dammit now I am stuck, I can't remember it, it has a simple name as well, it is one with "scientific" topics but really crap content in a fancy css scrolling article... Sorry about that...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
The protocol handles environment variables. That's not much different than HTTP headers.
Since, according to some sources, the NSA have cracked the SSH protocol, you probably DON'T want to use it "for everything". Perhaps this question is a shill?
SSH is not a magic bullet. It is designed for secure remote administration and it does that extremely well.
Condoms are pretty good for safe sex. I think we should be using condoms to protect our bank accounts, for giving everyone safe drinking water, for screening passengers at airports and for securing your valuables in hotel rooms.
What issues are there for "other applications"? Mostly everyone uses ssh for git push, for example, and it works quite fine...
What are all the Golang dependencies?
One problem with ssh-key client authentication, is the trust of the public key, now both there is x509 and openssh's certificate based authentication systems, but neither are globally adopted by all clients and servers. This leads to the "how do you absolutely know that the key listed in authorized_keys is a valid ssh key or if someone has added one to it. But you without widescale support of SSHFP, there's no method of really trusting the servers keys either, if you are connecting to a server for the first time, can you actually trust the fingerprint, and if the fingerprint changes how do you know if it's a valid change or not.
A second problem is that with key-agents, allows for the key to be used to connect to other systems, so if someone obtains your "insecure" private key, they could have access to each server that trusts that key, directly or indirectly.
A third, which isn't a problem but somewhat of missing documentation, is that of the Sub Services, So many more features could be generated with better documentation available, an example could be to provide a replacement for the time services (not ntp), and I have used it in the past to output stats from various services, but the documentation is missing.
The last thing I will say, on the server side not only deprecate ssh v1, but it's time to completely obsolete and remove it.
Opportunistic end-to-end encryption was originally in the IPv6 Sec. Somewhere along the way it went missing. Along with the FreeSwan project which had it working pretty well for IPV4 a decade and a half ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Why Aren't We Using SSH For Everything?
Because only morons use the same tool for everything. Experts use the best tool for the job at hand.
And besides, most of us use SSH for a lot of things. For remote management, copying files, for accessing our git repositories and probably 20 other things.
Assorted stuff I do sometimes: Lemuria.org
ssh stores keys in ~/.ssh
At the same time we still use the retarded "user" concept of Unix. Now, a browser, PDF reader or LibreOffice or Gimp exploit is sufficient to get the key. Granted, it is protected by passphrase, but these are often not very strong. One character of prose is typically much less than 1 bit of entropy if you are up against a well-funded (read: well-skilled) adversary.
Even better, an infected firefox could directly attach to other processes of the same user using the /proc/mem file system.
From this you can guess how NSA-GCHQ acquires ssh keys. A single visit of SD is probably sufficient, given the rogue nature of their behaviour.
We baldy need to sandbox ALL processes in order to shore up security. Also, the SE Linux approach of labelling resources and allowing only processes with appropriate privileges to access the ssh keys must be implemented.
They use some sort of exploits to attach to /proc/mem when ssh runs and has the plaintext key. A single firefox exploit in SD would work wonders against the "Linux terrorists" like you and me.
The problem of SSL/TLS is exactly the feature-overload.
Do we really need to have asymmetric crypto exposed via an automated interface ???
Because that implies a massive piece of code just to parse the ASN1 mumbo-jumbo. Tons of bugs were in ASN1 parsers alone. Most developers dont know how to properly check a SSL/TLS connection for a MITM attack, actually.
When I do banking, why cant I just use a symmetric cipher my bank has mailed to me in some sort of moderately secure physical envelope ?
And when I really need to do some sort of key exchange over the net, maybe manually running GPG is the better approach ?
They managed to slip something into gcc along the lines of the Tompson attack.
This is a gang of something like 1 million gang members all over America. They can do things you never dreamed of. Unpunished.
One word for why ssh is not literally "everything" : Windows
Sure, there are ssh clients/servers for Windows, but ssh is not a native Windows protocol. Without that, it won't ever be "everywhere." Another example of the "we know best" attitude and lack of listening/insite from top managers who are at this point so indoctrinated/co-joined with Microsoft that Bill Gates' left arm sprouts from an RDP session on their side when they need to wipe.
The powers to be at my work have actually tagged SSH as a volunerability on our network due to root being able to access all ssh keys on a system. Without being able to secure those keys from root, they are slowly phasing it out. (Yes, they are so clueless to think they can hide root-owned files from root on UNIX -- these are the same folks saying RDP is more secure ... and the same folks a very large storage place for your money! -- YES, be very very afraid!)
"Binary protocol" isn't really a good thing or a bad thing, it's just a thing.
Instead of being first hand journalism, sites like Slashdot and Reddit aggregate news and lets people discuss it.
At least old timey newspapers would hire journalists. Here we just regurgitate stuff we find. I don't really get the whole Reddit/Slashdot was first kind of competitiveness in the light that neither site creates much original.
“Common sense is not so common.” — Voltaire
Clearly, merely using SSH is not nearly enough. What are the best practices for SSH configuration? Cipher type, key length, other options, etc.
I've done some searches on this but haven't come up with much.
Perhaps, but the semantics are different.
Proxying and caching is another HTTP feature that is common place that might be hard to do in SSH. Sure, ssh can redirect and pipe. But there isn't a very good way to encapsulate multiple ssh sessions without both ends knowing about the structure of the proxying.
If you are using a SSH tunnel or similarly with a VPN, you are already doing 'everything' over SSH, that is to say the whole network connection. Even my X11 server is using it right now.
However HTTP/S, SMTP and the like are protocols, not transport mechanisms.
I used it to fuck your gf with. You really have to be careful.
It us almost always windows that is cracked.
Even if the serial spammers start spamming anonymously, the site remains unreadable.
It's sucked for a long ass time. I've tried it with HPN on and off, and tried setting it between SCP and SFTP modes, the thing is nowhere near as fast as it should be.
Buck Feta. You know what to do.
because monocultures are bad. haven't we seen enough bad shit from monocultures last year. You have to look no further to heartbleed as to why this is a fucking aweful idea.
Is this just not Benedict Bumblefuck again?
Turn on compression with -C and select a fast cipher with -c
ssh -C -c blowfish-cbc,arcfour -X
Also, some applications (Firefox) seem to do all their own per-pixel rendering rather than using appropriate X primitives. For those applications, VNC with a a minimum color palette may work much better, or choose a different application that does the same job.
Speaking of choosing different applications, consider CLI options. A CLI interface is quite usable at about 64 kbps. I use the GUI only for a browser and email, and occasionally virt-manager. The browser and email can use the socks proxy feature of ssh, so that only leaves virt-manager as the only application I ever forward.
X is going in the trash. HAHAHAHAHAHH YOULL BE OUT OF A JOB HAHHAHAHAH.
Other newer stuf is replacing it. HAHHAHAHAHAH
Also all the unix commands you knew tooo
SYSTEMD it taking that over.
HAHAHAHAHAHHAH YOUR GOIGN TO BE OUT OF A JOB AHHAHAHAHAHAHAHHA
Systemd rules. Wayland/Mir/notX rules!
And you will be FORCED to use them SUCKA FUCK!
The title is just as misleading:
Why Aren't We Using SSH For Everything?
Exactly. Why aren't we using SSH as a text editor? Why aren't we using SSH to monitor the computer's microphone? Heck, why aren't we using SSH to fry eggs on the stove?
Excellent idea. I think we need to add the capabilities of awk, sed, sort, uniq, and while we're at it lets include systemd into ssh, just so we get everything in it's appropriate place.
Or is it that we should include it all into systemd? It all gets so confusing when you try and shove everything into a dependence on something else.
Look, to be blunt people don't know shit. They probably should read the book by Michael Lucas, "SSH Mastery." But they're pobably too stupid and lazy to do it.
https://www.michaelwlucas.com/nonfiction/ssh-mastery
first, don't put all eggs into one basket.
second, ask your mom if the thinks using ssh exclusively would be fun for her.
Just like an owl regurgitat'n its preys innards, we serve it to the masses like mothers milk... nasty filthy plop I say. Not like ole time tree fodder news one could clean the bottoms with...although pixels aren't Charmin... maybe truetype fonts are easier on the bum
The NSA: concerned about your privacy since June 2013.
Metaphorically, you're trying to use a hammer to put in a screw, where several more apprpriate screwdrivers already exist.
SSH stands for Secure Shell. It was intended to be a secure replacement for telnet, providing text based terminal access over a secure channel. It has since been hacked to do a lot more and it is amazingly useful. But it is also woefully inadequate for a use everywhere approach and will never be able to accomplish such versatility. It was never inteneded to do what it already does, let alone "everything".
Your primarility talking about replacing HTTP with SSH, but there is no need. We already have HTTPS. We already have IPSec. We already have IPv6 with IPSec. The right tools are alreday available, you just have to inplement them. Hacking SSH to do one more thing that it was never intended to do is an epic waste of time and effort that is EXACTLY what I would expect from juniors in the field.
Why aren't we using SSH for everything? Because it's a stupid idea, that's why!
Given that they easily cracked SSH why use it for much of anything. Properly we'd want/need something stronger. And you can't really exchange keys over the internet in a really safe way. Though, I'm hugely in favor of replacing general public key encryption schemes for those password schemes to access websites. Just encrypt my account with the key on file, if I can read what my email is, I must be me.
It is no longer uncommon to be uncommon.
Cracked SSH? SSH is a protocol. There's nothing to crack, except your empty skull. If you want to crack something, try some 8 kb RSA keys. Good luck!
HTTPS is not a security protocol. It's a security certificate. Close to irrelevant in this matter.
SSL/TLS is a piece of JUNK for Essential Services like Twitter and G-mail.
REAL security is done the hard way via couriers and physical post transfer of keys.
And yeah, you dont need to explain to me what SSL/TLS does in an insecure way.
Get off my lawn and leave me alone with my FIALKA machine.
So why isn't there an encryption bit in the IP header? Why do we insist on doing encryption so far up the stack?
Or we could just finally implement DNSSEC, and put the keys (Or, rather, the fingerprint) in the DNS.
Someone is about to point out that DNS can be subverted and hijacked, even with DNSSEC.
Well, considering that SSL keys are commonly *emailed* to people, if anyone has subverted your DNS, or anyone's DNS, you're screwed anyway. At least with DNSSEC, it requires hacking into the actual registrar account and changing records there, instead of just tricking the least-secure SSL-issuer's DNS. (And registrars already have pretty good protection against that, considering that stealing domain names was a hobby a few years ago. And if they don't, you can always change registrars, whereas you can't stop insecure SSL-issuers you've never met from existing and issuing bogus keys for you.)
And with people getting *mailed* SSL keys actually means if the DNS is stolen for a few minutes, which people would never notice (Especially if the attackers are smart enough to just redirect MX records, and hand over every piece of mail *except* the SSL keys.), everyone can run MiTM attacks against people for a *decade* with the key they got mailed. (You could get the key revoked, but only if you know it exists, and pretending that key revocations actually worked.) Whereas with the keys in the DNS, as soon as you fix the DNS, it's fixed, everything's over.
If anything is missing, it's probably only missing on Windows.
Support on Linux and Mac is jut fine, I think.
Windows:
- client support is kind of OK
- virtual filesytem support is kind of OK
The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.
Cygwin provides an ungodly amount of functionality for windows, including ssh, sshd, and X windows secured by ssh. Admittedly, you have to have a unix/linux clue. But it definitely rewards the effort.