[mosh-devel] Secure agent forwarding with Mosh

Keith Winstein keithw at cs.stanford.edu
Mon Nov 13 04:04:38 EST 2017


On Thu, Nov 9, 2017 at 6:43 AM, Daniel Roethlisberger <daniel at roe.ch> wrote:

> Specifically, I am not interested in manually approving agent
> requests.  The ratio of hassle to mitigated risk is unreasonable
> in my opinion.  It addresses a narrow category of attacks while
> not helping against other attacks with similar prerequisites and
> risk (e.g. injecting commands into TTYs of SSH sessions from the
> compromised system, or replacing a legit auth challenge on the
> compromised server as it is being handed to the client machine's
> agent where it will be approved by the user).  So unless the
> confirmations can be easily removed by configuration or patching,
> I won't be overly excited about this.
>

Thanks for your feedback, Daniel. I think if you try it, you will be
pleasantly surprised.

On the issue of "manually approving agent requests" -- you don't have to.
The local agent gets to see and approve each request, but the user can
"allow forever" and doesn't need to approve each request manually.

Re: "additional network and firewall considerations," Guardian Agent just
runs over autossh. If you can SSH to the intermediary, you can run Guardian
Agent.

On the "other attacks with similar prerequisites" -- if I understand you,
Guardian Agent already prevents these attacks. The "legit auth challenge"
is bound to the triple of { intermediary machine, command, server }, so
it's not possible to "replace" a legit auth challenge and use the user's
credentials to execute a different command (or on a different server, or
from a different intermediary) than what was requested. (The way that
Guardian Agent works is that the local agent actually issues the command to
the remote server before handing over the session to the intermediary.) So
while a compromised intermediary machine can *ask* to execute an evil
command, the agent will know about it and it won't match some prior "allow"
rule in the local configuration.

(To be clear, this works best for commands like 'git fetch-pack' to a
particular repository or something like that, where the command is not
going to allow arbitrary follow-on commands to be executed. If the user
wants to execute a shell or some other interactive session, then yes, this
doesn't prevent a malicious intermediary from later inserting arbitrary
input into the session. Probably the best thing in that case, if you really
don't trust the intermediary, would be just to use the intermediary to
ferry ciphertext bytes and not to let it see the plaintext at all. But even
in that case, at least Guardian Agent still lets you lock down which
intermediaries can connect to which remote servers.)

-Keith
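A simplified model of the binding described above, added here as an illustration and not Guardian Agent's own code: an HMAC stands in for the user's private-key signature, the server is assumed to share the key, and the hosts, commands and challenges are constructed. It shows that an "allow forever" rule is keyed by the exact {intermediary, server, command} triple, so a compromised intermediary can neither reuse a legitimate signature for another command nor obtain one without the local agent seeing the request.

```python
import hashlib
import hmac
from typing import NamedTuple

class Request(NamedTuple):
    intermediary: str  # machine asking to use the credential
    server: str        # remote host the command would run on
    command: str       # exact command it wants to run there

def bind(challenge: bytes, req: Request) -> bytes:
    # Everything the agent signs covers the server's challenge AND the triple.
    return b"\x00".join([challenge] + [f.encode() for f in req])

class LocalAgent:
    # Simplified model, not Guardian Agent's own code: HMAC stands in for the
    # user's private-key signature, and the server is assumed to share the key.
    def __init__(self, key: bytes, prompt):
        self._key = key
        self._prompt = prompt   # user callback returning "forever" or "deny"
        self._allowed = set()   # "allow forever" rules, keyed by exact triple
        self.prompts = 0

    def authorize(self, req: Request, challenge: bytes):
        if req not in self._allowed:
            self.prompts += 1
            if self._prompt(req) != "forever":
                return None     # no rule and user declined: nothing is signed
            self._allowed.add(req)
        return hmac.new(self._key, bind(challenge, req), hashlib.sha256).digest()

def server_accepts(key: bytes, req: Request, challenge: bytes, sig) -> bool:
    expected = hmac.new(key, bind(challenge, req), hashlib.sha256).digest()
    return sig is not None and hmac.compare_digest(expected, sig)

def demo() -> dict:
    key = b"constructed-demo-key"
    fetch = Request("bastion.example", "git.example", "git-upload-pack '/repo.git'")
    agent = LocalAgent(key, prompt=lambda r: "forever" if r == fetch else "deny")
    sig = agent.authorize(fetch, b"challenge-1")
    prompts_first = agent.prompts
    agent.authorize(fetch, b"challenge-2")   # same triple: no new prompt
    # Compromised bastion: reuse the fetch signature for a push, then ask outright.
    push = Request("bastion.example", "git.example", "git-receive-pack '/repo.git'")
    return {
        "prompts_first": prompts_first,
        "prompts_after_repeat": agent.prompts,
        "legit_accepted": server_accepts(key, fetch, b"challenge-1", sig),
        "replayed_for_push": server_accepts(key, push, b"challenge-1", sig),
        "push_signed": agent.authorize(push, b"challenge-3") is not None,
    }
```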