Slashdot Mirror
Why Aren't We Using SSH For Everything?
An anonymous reader writes: A post at Medium asks why, in this age of surveillance and privacy-related bogeymen, we aren't making greater use of SSH for our secure computing needs?
"SSH is one of the most accessible secure protocols ever, second only to HTTPS of course. Let's see what we have so far: Binary protocol, mandatory encryption, key pinning, multiplexing, compression (yes, it does that too). Aren't these the key features for why we invented HTTP/2?
Admittedly, SSH is missing some pieces. It's lacking a notion of virtual hosts, or being able to serve different endpoints on different hostnames from a single IP address. On the other hand, SSH does have several cool features over HTTP/2 though, like built-in client authentication which removes the need for registration and remembering extra passwords."
"SSH is one of the most accessible secure protocols ever, second only to HTTPS of course. Let's see what we have so far: Binary protocol, mandatory encryption, key pinning, multiplexing, compression (yes, it does that too). Aren't these the key features for why we invented HTTP/2?
Admittedly, SSH is missing some pieces. It's lacking a notion of virtual hosts, or being able to serve different endpoints on different hostnames from a single IP address. On the other hand, SSH does have several cool features over HTTP/2 though, like built-in client authentication which removes the need for registration and remembering extra passwords."
>Admittedly, SSH is missing some pieces
Should read, "Admittedly, SSH is missing some crucial features, that make its use in this context impossible."
Thank you for mentioning it is medium.com on the summary. That's how it should be done, since we hate being click-baited to such websites.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
way to steal from reddit...assholes
I use SSH for everything. I use it between my cell phone and the wall charger. I use it between my thermostat and my furnace. Probably most importantly, I use it between my my remote control and TV. Never can be too careful these days.
Better known as 318230.
Recent Snowden documents shed doubt on whether the NSA isn't actually able to crack ssh, too. http://www.spiegel.de/international/germany/a-1010361.html
SSH can be used for virtual hosting environments just fine with things like force-command chrooting automatically when a user logs in based on username or pubkey. The protocol is not hostname aware, so it cannot handle "different hostnames from a single IP", you have to have a different user account name in order to do similar tricks. I do not think that is a limitation though, since you are talking to the underlying system, not to a content serving system like a web server.
[Start SSH] Yipppppeeeee!!!!! [End SSH]
I use ssh a lot. and ssl. and s/mime.
no, I don't have a sig
The title is just as misleading:
Why Aren't We Using SSH For Everything?
Exactly. Why aren't we using SSH as a text editor? Why aren't we using SSH to monitor the computer's microphone? Heck, why aren't we using SSH to fry eggs on the stove?
You editors are R-e-T-a-R-d-E-d.
If anything is missing, it's probably only missing on Windows.
Support on Linux and Mac is jut fine, I think.
Windows:
- client support is kind of OK
- virtual filesytem support is kind of OK
The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.
New things are always on the horizon
SSH is nice, but it can be a pain in the ass to set up. This is probably the biggest reason I don't use it often. Of course, if I used it more I probably wouldn't be whining about it being a pain in the ass. However, unless you are constantly admining a lot of *nix machines that are using SSH, one of *nix' strengths can be it's undoing. Every time I set up SSH I have to relearn how to do it from scratch because I've forgotten since the last time I set it up. I had the same issue with ipchains and iptables, and Samba - once you get them working you really don't have to touch them again for years, usually. Great, for sure, but it's longer than my memory is capable of retaining those details.
Are you suggesting creating SSH tunnels connecting everything? Encrypting traffic is a good thing, but I think efficient decentralized hosting is a higher priority. What good is security if it's trivial to attack the end points?
Everyone I work with has SSH+SOCKS set up to a central set of servers, then we reach out from there.
One of the coolest client-side features of most SSH clients (at least OpenSSH and PuTTY support it) is the ability to turn any SSH connection into a SOCKS5 proxy, provided the server will let you. If your Internet connection has a restrictive stateful firewall on it that blocks your access to many useful legitimate sites, you can just stunnel out over TLS and then have the ability to go outbound on any port (including SSH's default port of 22) using your SOCKS5 proxy. I've used RDP over SSH over TLS before to get around restrictive filters.
I know back in 1995 when Cygwin came out it got a reputation of being pretty flakey.
But it's come a long way in the last 2 decades.
These days, pretty much any time you think you have a "hmm, Linux can do this but I don't know how to do it on Windows", Cygwin is probably a very good possibility.
The article is "SSH how does it even?". What the fuck slashdot? How do you mis-judge your audience this badly?
... everything looks like a nail.
It's lacking a notion of virtual hosts
That's a major reason right there. There was a time when some web servers couldn't do virtual hosts with https: well or at all.
That, and the usual reasons why HTTPS etc. aren't used more (server-side overhead, etc.).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
SSH connections take For. Eh. Ver. relatively speaking:
Subsequent requests using the same connection are quick enough:
% time ssh localserver exit ssh localserver exit 0.00s user 0.00s system 20% cpu 0.039 total
But compare to an HTTPS connection to a remote host:
A brand new request to a remote server takes just 263ms, and a second request only 81ms. Considering that the server is 25ms away, that makes it a bit faster than a cached SSH connection to a local machine.
But even more than that, SSH in this context is a transport, not a protocol. It allows you to build and manage secure connections, but you still have to write a protocol on top of it ("I'll send this command, and you reply with..."). Even if you "cheat" and use SFTP, you're still missing out on fixes to the thousands of little issues people have worked out with HTTP over the years. What's the SFTP equivalent of If-Modified-Since? How will redirects to remote servers work? What's your cross-domain scripting policy? How are you going to handle anonymous connections?
Use SSH for SSH. Use HTTP for HTTP. They're separate things for good reasons.
Dewey, what part of this looks like authorities should be involved?
In any event, having automatic browser/server built in support for something like SSH or HTTP/2 is a good thing. It wouldn't be horrible if browsers chose to implement some sort of setup with SSH as well as the HTTP/2 standard, but even that implementation would require some sort of standardization. Cool idea. I think that an Apache plugin for SSH and browser support would be a neat alternative. I mean, that's the thing, right? For everyone to adopt it, it has to be completely transparent. To the point that they don't even really realize they are adopting anything. Including the people installing and maintaining the servers. Not all web servers are admined or set up by geniuses. If the server configuration and set up is too complicated global adoption would fail as well.
I've been wondering for some time now why TLS (SSH) is not integrated into the OS, to extend the TCP/IP stack on a low level.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
http://www.zerohedge.com/news/2015-01-02/2015-will-be-all-about-iran-china-and-russia#comment-5617702
Imagine going back in time 15 years and warning everyone about all the crazy shit coming down the pipe. They would send you to the funny farm!
-The presidential election will be decided by one vote... on the supreme court.
-There will be a nuclear terrorist attack on New York, perpetrated by Israel, the Bush administration, and the Pentagon, with obvious evidence right out in the open, and nobody will question it.
-The attack will be used as bait and switch to wage a $3 trillion war against a country which didn't even have anything to do with the patsies, let alone the actual attack.
-There will be a resurgence of fascism and slavery, and people will call it freedom.
-Two Skull and Bonesmen will run against each other in 2004. They will refuse to talk about it and everyone else will be cool with that. Isn't democracy great?
-TV will be mostly fearmongering, propaganda, celebrity gossip, and reality shows about giant-assed sluts. There will be a time when the truthiest TV news will be on Comedy Central. "The Onion Reality" will acquire meaning.
-A black gay foreign muslim communist will become president. He will spend most of his time golfing, reading from a teleprompter, and watching drone bombings. By any objective measures he will be worse than Bush, but the left will love him, because thinking anything else would be racist.
-The Fed will print tens of trillions of dollars and give it to the banks, including many foreign banks, but hyperinflation will be delayed because the economy will suck so bad that people will hold held their dollars tight. People will be awed by the power of central planning.
-Billion dollar scams will become so common that most will be ignored. Only one person will go to jail, and only because he stole from Zionist charities.
-Housing will be sliced and diced so many ways that people will end up getting foreclosed on by multiple banks that they never even signed with. Nobody will have clear title to their house. And nobody will go to jail.
-They will change the rules so that bank accounts can be raided due to bank failure, in addition to all the other excuses for legalized plunder. Banks will stop paying interest. Despite all this, there will not be bank runs. One might think that's because everyone will be more afraid of cops stealing their cash, but no. It will be because everyone will be brick stupid.
-A passenger jet will be abducted to Diego Garcia. The media will blame terrorists, then aliens and black holes, then back to Kim's giant ass.
-There will be SWAT team raids over raw milk, unpaid student loans, feeding the homeless, etc, etc. Babies will get their faces blown off. The only people who will go to jail (or the morgue) will be the innocent victims.
-The Russians will become the good guys.
But we're just getting started! Think of all the crazy shit coming down the pipe for the NEXT fifteen years! If we don't get at least one hoaxed ailen attack by 2030, Krugman and I will be very disappointed..
telnet and ftp practically died a while back, http is on the way out. In most corporate environments, other protocols such as X are local only and remote use is over ssh tunnels. IMAP/SMTP takes place over TLS when using decent providers. I guess there is a question of whether SSH and HTTPs should be merged. But a lot of work has been put in both and would be difficult to replicate and make as secure from the start. No hurry.
The only exceptions are organizations with lax security (like Sony apparently) and cases where security or integrity is completely not an issue. I guess if you broadcast a video as unencrypted UDP over a local network, that's fine.
SSH as a protocol was designed for interactive login, and it has some issues when used for other applications. But there is one key aspect of it that needs to break out of SSH, the public key cryptography part.
When creating an account on a web site, rather than entering a User ID and password the browser should generate a public-private pair, and send the public part to the other side. Logins can then be done just like SSH does, with a cryptographic exchange.
The "lost password database" goes away completely. If you got the database on the far end it would only contain public keys, which would not allow logins. The whole "everyone must change their password" nonsense goes away.
So don't force SSH on us, but let's all work to get more public key based logins.
How far /. has fallen.
this article doesn't deserve a dignified discussion its absurd and misguided please don't encourage them further
I think, because only a fraction of 'net users are security conscious.
The rest just use the 'defaults' of their apps and search result links for things like email , online shopping, and online banking, and trust(?) that the people providing the access to their email, online banking, and online shopping, kept them safe.
Uh, Linux geek since 1999.
Why aren't we? Because using ssh doesn't prevent people from posting their private keys to github and being shocked, outraged even, that their entire infrastructure is now compromised?
I see we are recycling reddit posts now
seriously, have you ever tried to get a cert installed properly in J2EE? Node? PHP/Apache? Ever tried to get PGP working right on t-bird?
There is nothing about the process that is straightforward in any way (including the cert signing stuff). Thus, most websites will simply find it easier to not bother. Let those who can pay for experts pay for it, but until expertise becomes "push this button" easy, and still almost free, it isn't worth it for typical web traffic.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
I confused medium.com with the other site that is often the target of /. article links. Dammit now I am stuck, I can't remember it, it has a simple name as well, it is one with "scientific" topics but really crap content in a fancy css scrolling article... Sorry about that...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
The protocol handles environment variables. That's not much different than HTTP headers.
Since, according to some sources, the NSA have cracked the SSH protocol, you probably DON'T want to use it "for everything". Perhaps this question is a shill?
SSH is not a magic bullet. It is designed for secure remote administration and it does that extremely well.
Condoms are pretty good for safe sex. I think we should be using condoms to protect our bank accounts, for giving everyone safe drinking water, for screening passengers at airports and for securing your valuables in hotel rooms.
What issues are there for "other applications"? Mostly everyone uses ssh for git push, for example, and it works quite fine...
What are all the Golang dependencies?
One problem with ssh-key client authentication, is the trust of the public key, now both there is x509 and openssh's certificate based authentication systems, but neither are globally adopted by all clients and servers. This leads to the "how do you absolutely know that the key listed in authorized_keys is a valid ssh key or if someone has added one to it. But you without widescale support of SSHFP, there's no method of really trusting the servers keys either, if you are connecting to a server for the first time, can you actually trust the fingerprint, and if the fingerprint changes how do you know if it's a valid change or not.
A second problem is that with key-agents, allows for the key to be used to connect to other systems, so if someone obtains your "insecure" private key, they could have access to each server that trusts that key, directly or indirectly.
A third, which isn't a problem but somewhat of missing documentation, is that of the Sub Services, So many more features could be generated with better documentation available, an example could be to provide a replacement for the time services (not ntp), and I have used it in the past to output stats from various services, but the documentation is missing.
The last thing I will say, on the server side not only deprecate ssh v1, but it's time to completely obsolete and remove it.
Opportunistic end-to-end encryption was originally in the IPv6 Sec. Somewhere along the way it went missing. Along with the FreeSwan project which had it working pretty well for IPV4 a decade and a half ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Why Aren't We Using SSH For Everything?
Because only morons use the same tool for everything. Experts use the best tool for the job at hand.
And besides, most of us use SSH for a lot of things. For remote management, copying files, for accessing our git repositories and probably 20 other things.
Assorted stuff I do sometimes: Lemuria.org
ssh stores keys in ~/.ssh
At the same time we still use the retarded "user" concept of Unix. Now, a browser, PDF reader or LibreOffice or Gimp exploit is sufficient to get the key. Granted, it is protected by passphrase, but these are often not very strong. One character of prose is typically much less than 1 bit of entropy if you are up against a well-funded (read: well-skilled) adversary.
Even better, an infected firefox could directly attach to other processes of the same user using the /proc/mem file system.
From this you can guess how NSA-GCHQ acquires ssh keys. A single visit of SD is probably sufficient, given the rogue nature of their behaviour.
We baldy need to sandbox ALL processes in order to shore up security. Also, the SE Linux approach of labelling resources and allowing only processes with appropriate privileges to access the ssh keys must be implemented.
They use some sort of exploits to attach to /proc/mem when ssh runs and has the plaintext key. A single firefox exploit in SD would work wonders against the "Linux terrorists" like you and me.
The problem of SSL/TLS is exactly the feature-overload.
Do we really need to have asymmetric crypto exposed via an automated interface ???
Because that implies a massive piece of code just to parse the ASN1 mumbo-jumbo. Tons of bugs were in ASN1 parsers alone. Most developers dont know how to properly check a SSL/TLS connection for a MITM attack, actually.
When I do banking, why cant I just use a symmetric cipher my bank has mailed to me in some sort of moderately secure physical envelope ?
And when I really need to do some sort of key exchange over the net, maybe manually running GPG is the better approach ?
They managed to slip something into gcc along the lines of the Tompson attack.
This is a gang of something like 1 million gang members all over America. They can do things you never dreamed of. Unpunished.
One word for why ssh is not literally "everything" : Windows
Sure, there are ssh clients/servers for Windows, but ssh is not a native Windows protocol. Without that, it won't ever be "everywhere." Another example of the "we know best" attitude and lack of listening/insite from top managers who are at this point so indoctrinated/co-joined with Microsoft that Bill Gates' left arm sprouts from an RDP session on their side when they need to wipe.
The powers to be at my work have actually tagged SSH as a volunerability on our network due to root being able to access all ssh keys on a system. Without being able to secure those keys from root, they are slowly phasing it out. (Yes, they are so clueless to think they can hide root-owned files from root on UNIX -- these are the same folks saying RDP is more secure ... and the same folks a very large storage place for your money! -- YES, be very very afraid!)
"Binary protocol" isn't really a good thing or a bad thing, it's just a thing.
Clearly, merely using SSH is not nearly enough. What are the best practices for SSH configuration? Cipher type, key length, other options, etc.
I've done some searches on this but haven't come up with much.
Perhaps, but the semantics are different.
Proxying and caching is another HTTP feature that is common place that might be hard to do in SSH. Sure, ssh can redirect and pipe. But there isn't a very good way to encapsulate multiple ssh sessions without both ends knowing about the structure of the proxying.
If you are using a SSH tunnel or similarly with a VPN, you are already doing 'everything' over SSH, that is to say the whole network connection. Even my X11 server is using it right now.
However HTTP/S, SMTP and the like are protocols, not transport mechanisms.
I used it to fuck your gf with. You really have to be careful.
It us almost always windows that is cracked.
Even if the serial spammers start spamming anonymously, the site remains unreadable.
It's sucked for a long ass time. I've tried it with HPN on and off, and tried setting it between SCP and SFTP modes, the thing is nowhere near as fast as it should be.
Buck Feta. You know what to do.
because monocultures are bad. haven't we seen enough bad shit from monocultures last year. You have to look no further to heartbleed as to why this is a fucking aweful idea.
Is this just not Benedict Bumblefuck again?
Turn on compression with -C and select a fast cipher with -c
ssh -C -c blowfish-cbc,arcfour -X
Also, some applications (Firefox) seem to do all their own per-pixel rendering rather than using appropriate X primitives. For those applications, VNC with a a minimum color palette may work much better, or choose a different application that does the same job.
Speaking of choosing different applications, consider CLI options. A CLI interface is quite usable at about 64 kbps. I use the GUI only for a browser and email, and occasionally virt-manager. The browser and email can use the socks proxy feature of ssh, so that only leaves virt-manager as the only application I ever forward.
X is going in the trash. HAHAHAHAHAHH YOULL BE OUT OF A JOB HAHHAHAHAH.
Other newer stuf is replacing it. HAHHAHAHAHAH
Also all the unix commands you knew tooo
SYSTEMD it taking that over.
HAHAHAHAHAHHAH YOUR GOIGN TO BE OUT OF A JOB AHHAHAHAHAHAHAHHA
Systemd rules. Wayland/Mir/notX rules!
And you will be FORCED to use them SUCKA FUCK!
Look, to be blunt people don't know shit. They probably should read the book by Michael Lucas, "SSH Mastery." But they're pobably too stupid and lazy to do it.
https://www.michaelwlucas.com/nonfiction/ssh-mastery
first, don't put all eggs into one basket.
second, ask your mom if the thinks using ssh exclusively would be fun for her.
Metaphorically, you're trying to use a hammer to put in a screw, where several more apprpriate screwdrivers already exist.
SSH stands for Secure Shell. It was intended to be a secure replacement for telnet, providing text based terminal access over a secure channel. It has since been hacked to do a lot more and it is amazingly useful. But it is also woefully inadequate for a use everywhere approach and will never be able to accomplish such versatility. It was never inteneded to do what it already does, let alone "everything".
Your primarility talking about replacing HTTP with SSH, but there is no need. We already have HTTPS. We already have IPSec. We already have IPv6 with IPSec. The right tools are alreday available, you just have to inplement them. Hacking SSH to do one more thing that it was never intended to do is an epic waste of time and effort that is EXACTLY what I would expect from juniors in the field.
Why aren't we using SSH for everything? Because it's a stupid idea, that's why!
HTTPS is not a security protocol. It's a security certificate. Close to irrelevant in this matter.
SSL/TLS is a piece of JUNK for Essential Services like Twitter and G-mail.
REAL security is done the hard way via couriers and physical post transfer of keys.
And yeah, you dont need to explain to me what SSL/TLS does in an insecure way.
Get off my lawn and leave me alone with my FIALKA machine.
So why isn't there an encryption bit in the IP header? Why do we insist on doing encryption so far up the stack?
Or we could just finally implement DNSSEC, and put the keys (Or, rather, the fingerprint) in the DNS.
Someone is about to point out that DNS can be subverted and hijacked, even with DNSSEC.
Well, considering that SSL keys are commonly *emailed* to people, if anyone has subverted your DNS, or anyone's DNS, you're screwed anyway. At least with DNSSEC, it requires hacking into the actual registrar account and changing records there, instead of just tricking the least-secure SSL-issuer's DNS. (And registrars already have pretty good protection against that, considering that stealing domain names was a hobby a few years ago. And if they don't, you can always change registrars, whereas you can't stop insecure SSL-issuers you've never met from existing and issuing bogus keys for you.)
And with people getting *mailed* SSL keys actually means if the DNS is stolen for a few minutes, which people would never notice (Especially if the attackers are smart enough to just redirect MX records, and hand over every piece of mail *except* the SSL keys.), everyone can run MiTM attacks against people for a *decade* with the key they got mailed. (You could get the key revoked, but only if you know it exists, and pretending that key revocations actually worked.) Whereas with the keys in the DNS, as soon as you fix the DNS, it's fixed, everything's over.
If anything is missing, it's probably only missing on Windows.
Support on Linux and Mac is jut fine, I think.
Windows:
- client support is kind of OK
- virtual filesytem support is kind of OK
The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.
Cygwin provides an ungodly amount of functionality for windows, including ssh, sshd, and X windows secured by ssh. Admittedly, you have to have a unix/linux clue. But it definitely rewards the effort.