Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases
At Wed, 30 Jul 2014 22:17:43 -0700, tony mancill wrote:
> I contacted the upstream author (on the cc: - hi Frank), and his concern with the passphraseless key trigger mechanism is precisely that you don't have a passphrase. The key is unprotected and subject to theft/unauthorized use. This could potentially occur on the system that is (normally) the legitimate source of the trigger.

But ssh-cron will need to have the passphrase to be able to use the key, so someone who can steal the key from ssh-cron can also steal the passphrase from ssh-cron. What is the added security benefit of storing a key and passphrase instead of a passphraseless key?

-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87ppglmbor.wl%jer...@dekkers.ch
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases
Excerpts from Jeroen Dekkers's message of 2014-07-31 14:59:48 -0700:
> At Wed, 30 Jul 2014 22:17:43 -0700, tony mancill wrote:
>> I contacted the upstream author (on the cc: - hi Frank), and his concern with the passphraseless key trigger mechanism is precisely that you don't have a passphrase. The key is unprotected and subject to theft/unauthorized use. This could potentially occur on the system that is (normally) the legitimate source of the trigger.
>
> But ssh-cron will need to have the passphrase to be able to use the key, so someone who can steal the key from ssh-cron can also steal the passphrase from ssh-cron. What is the added security benefit of storing a key and passphrase instead of a passphraseless key?

Agreed... or just using ssh-agent to hold the decrypted key in RAM and letting cron talk to it via a well-protected socket.

Archive: https://lists.debian.org/1406854078-sup-3...@fewbar.com
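The agent-backed arrangement Clint describes, as an added example that is not part of the thread and is not ssh-cron's own code: a login-time step that starts an agent, records its socket in a file only the user can read and unlocks the key once, and a cron-side function that finds the socket without sourcing the file, checks the file's ownership and mode, verifies the agent still holds a key, and only then runs ssh. The paths `~/.ssh/agent.env` and `~/.ssh/cron_key`, the account `backup@backup.example.org` and the remote command are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from ssh-cron). Assumed paths:
# ~/.ssh/agent.env (agent socket record), ~/.ssh/cron_key (+ cron_key.pub),
# and the host backup.example.org.

# Run once per login (interactively): start an agent, save its socket path in a
# 0600 file, and unlock the passphrase-protected key into agent memory. The
# private key file itself stays encrypted on disk; only the agent has the
# decrypted copy, and only for as long as the agent runs.
start_cron_agent() {
    envfile="$HOME/.ssh/agent.env"
    ( umask 077; ssh-agent -s > "$envfile" )     # created 0600 by the umask
    . "$envfile" > /dev/null                      # sets SSH_AUTH_SOCK here
    ssh-add "$HOME/.ssh/cron_key"                 # prompts for the passphrase once
}

# Pull SSH_AUTH_SOCK out of the env file without executing the file's contents,
# and refuse it unless it is a regular file owned by us with mode exactly 0600.
# Prints the socket path and returns 0, or prints nothing and returns 1.
agent_sock_from_envfile() {
    f="$1"
    [ -f "$f" ] || return 1
    [ "$(ls -ld "$f" | cut -c1-10)" = "-rw-------" ] || return 1
    [ "$(ls -ld "$f" | awk '{print $3}')" = "$(id -un)" ] || return 1
    # ssh-agent -s writes: SSH_AUTH_SOCK=/path/agent.NNN; export SSH_AUTH_SOCK;
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$f" | head -n 1)
    case "$sock" in
        /*) printf '%s\n' "$sock" ;;
        *)  return 1 ;;
    esac
}

# What the crontab entry calls. Cron talks to the agent only through the
# socket; no passphrase is stored in the crontab or in any file.
cron_ssh_job() {
    SSH_AUTH_SOCK=$(agent_sock_from_envfile "$HOME/.ssh/agent.env") || {
        echo "no usable agent env file" >&2; return 1; }
    export SSH_AUTH_SOCK
    [ -S "$SSH_AUTH_SOCK" ] || { echo "agent socket gone" >&2; return 1; }
    ssh-add -l > /dev/null 2>&1 || { echo "agent holds no key" >&2; return 1; }
    # IdentitiesOnly + -i pins the key; ssh reads cron_key.pub and asks the
    # agent to sign with the matching key, so the encrypted file is never
    # decrypted by the cron job. BatchMode makes a missing key fail, not hang.
    ssh -o BatchMode=yes -o IdentitiesOnly=yes -i "$HOME/.ssh/cron_key" \
        backup@backup.example.org /usr/local/bin/run-backup
}
```

The trade-off Jeroen raises still applies: any process running under the same UID (or root) on the source host can ask the agent to sign with the key while the agent is alive, so the socket protects the key material from disk theft, not from a compromised account. `ssh-add -t <seconds>` bounds how long the unlocked key stays resident.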
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases
On 07/31/2014 02:59 PM, Jeroen Dekkers wrote:
> At Wed, 30 Jul 2014 22:17:43 -0700, tony mancill wrote:
>> I contacted the upstream author (on the cc: - hi Frank), and his concern with the passphraseless key trigger mechanism is precisely that you don't have a passphrase. The key is unprotected and subject to theft/unauthorized use. This could potentially occur on the system that is (normally) the legitimate source of the trigger.
>
> But ssh-cron will need to have the passphrase to be able to use the key, so someone who can steal the key from ssh-cron can also steal the passphrase from ssh-cron. What is the added security benefit of storing a key and passphrase instead of a passphraseless key?

ssh-cron uses ssh-agent, as Clint Byrum suggested in his post. If you're curious to learn more, please refer to the upstream page: http://sshcron.sourceforge.net/
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases
On 07/27/2014 08:40 AM, tony mancill wrote:
> On 07/27/2014 01:54 AM, Marc Haber wrote:
>> On Sat, 26 Jul 2014 21:05:37 -0700, tony mancill tmanc...@debian.org wrote:
>>> * Package name    : ssh-cron
>>>   Version         : 0.91.01
>>>   Upstream Author : Frank B. Brokken f.b.brok...@rug.nl
>>> * URL             : http://sshcron.sourceforge.net/
>>> * License         : GPL-2+
>>>   Programming Lang: C++
>>>   Description     : cron-like job scheduler that handles ssh key passphrases
>>>
>>> ssh-cron acts like cron, but is provided with ssh passphrases allowing its commands to access remote systems without requiring a passphrase to be stored in a clear-text file or resorting to ssh keys without passphrases.
>>
>> Why would one use such a tool? passphraseless keys exist, and can be configured to be secure.
>
> Hello Marc,
>
> Thank you, Ansgar and Paul for responses regarding other ways to perform these tasks. Specifically:
>
>> It is possible to restrict keys in .ssh/authorized_keys so that they are only allowed to run specific commands, see the 'command=command' bit in man:sshd(8). One probably wants to combine this with no-port-forwarding and similar options.
>
> and in more detail:
>
> http://blog.ganneff.de/blog/2007/12/29/ssh-triggers.html
>
> The idea for ssh-cron is to be able to use the keys (one might currently already have) without having to generate separate keys for triggers, and while maintaining a passphrase. Whether or not that's advisable given alternatives such as ssh triggers depends on your risk tolerance and the specifics of your environment.
>
> It seems like with Ganneff's trigger mechanism, one attack vector is to steal a backup of the passphraseless key and spoof the source IP - now you can run the trigger at will. Having a passphrase on the key could at least slow the attacker down. I could imagine using ssh-cron together with command= for a higher level of security.
>
> In any event, thank you for the discussion. I'll confer with the upstream author before proceeding with the package.

I contacted the upstream author (on the cc: - hi Frank), and his concern with the passphraseless key trigger mechanism is precisely that you don't have a passphrase. The key is unprotected and subject to theft/unauthorized use. This could potentially occur on the system that is (normally) the legitimate source of the trigger.

Therefore, I don't think there's feature parity between the trigger mechanism and ssh-cron. (And even if there were, TIMTOWTDI, etc...)

Of course once there is a package, feature requests and bug reports are welcome.

Thanks for reviewing and responding to the ITP.

Cheers,
tony

p.s. Where else but in Debian can you get constructive feedback on grammar and secure system administration *in the same thread*? :)
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sat, Jul 26, 2014 at 09:05:37PM -0700, tony mancill wrote:
> Package: wnpp
> Severity: wishlist
> Owner: tony mancill tmanc...@debian.org
>
> * Package name    : ssh-cron
>   Version         : 0.91.01
>   Upstream Author :
> * URL             :
> * License         : GPL-2+
>   Programming Lang: C++
>   Description     : cron-like job scheduler than handles ssh key passphrases

Presume you mean "... scheduler that handles ..." It may even be proper English to say "... scheduler which handles ..."

-- 
"If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing." --- Malcolm X

Archive: https://lists.debian.org/20140727065723.GA32374@tal
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sat, 26 Jul 2014 21:05:37 -0700, tony mancill tmanc...@debian.org wrote:
> * Package name    : ssh-cron
>   Version         : 0.91.01
>   Upstream Author :
> * URL             :
> * License         : GPL-2+
>   Programming Lang: C++
>   Description     : cron-like job scheduler than handles ssh key passphrases
>
> ssh-cron acts like cron, but is provided with ssh passphrases allowing its commands to access remote systems without requiring a passphrase to be stored in a clear-text file or resorting to ssh keys without passphrases.

Why would one use such a tool? Passphraseless keys exist, and can be configured to be secure.

Greetings
Marc
-- 
!! No courtesy copies, please !!
Marc Haber         | "Questions are the            | Mailadresse im Header
Mannheim, Germany  |  Beginning of Wisdom"         | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Archive: https://lists.debian.org/e1xbked-0001ly...@swivel.zugschlus.de
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sun, Jul 27, 2014 at 06:57:24PM +1200, Chris Bannister wrote:
> Presume you mean "... scheduler that handles ..." It may even be proper English to say "... scheduler which handles ..."

We got the advice to always use "which" with comma and "that" without comma. Especially for non-native speakers the number of variations with slightly different meaning gets too high.

Bastian
-- 
Witch! Witch! They'll burn ya! -- Hag, "Tomorrow is Yesterday", stardate unknown

Archive: https://lists.debian.org/20140727093957.ga...@mail.waldi.eu.org
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Hi Marc,

On Sun, Jul 27, 2014 at 4:54 AM, Marc Haber mh+debian-de...@zugschlus.de wrote:
> Why would one use such a tool? passphraseless keys exist, and can be configured to be secure.

This sounds interesting. Do you have a link to some documentation on this technique?

Jonathan
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Sorry for the double-post. Upon reflection, it looks like I was asking about information about passphraseless keys -- I was curious about the latter part, how they can be configured to be secure.

On Sun, Jul 27, 2014 at 8:31 AM, Jonathan Yu jaw...@cpan.org wrote:
> Hi Marc,
>
> On Sun, Jul 27, 2014 at 4:54 AM, Marc Haber mh+debian-de...@zugschlus.de wrote:
>> Why would one use such a tool? passphraseless keys exist, and can be configured to be secure.
>
> This sounds interesting. Do you have a link to some documentation on this technique?
>
> Jonathan
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Hi,

Jonathan Yu jaw...@cpan.org writes:
> On Sun, Jul 27, 2014 at 4:54 AM, Marc Haber mh+debian-de...@zugschlus.de wrote:
>> Why would one use such a tool? passphraseless keys exist, and can be configured to be secure.
>
> This sounds interesting. Do you have a link to some documentation on this technique?

It is possible to restrict keys in .ssh/authorized_keys so that they are only allowed to run specific commands, see the 'command=command' bit in man:sshd(8). One probably wants to combine this with no-port-forwarding and similar options.

Ansgar

Archive: https://lists.debian.org/87k36zdj9x@deep-thought.43-1.org
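The restriction Ansgar describes, worked through as an added example (not from the thread, the linked article, or ssh-cron): an authorized_keys line that forces a fixed wrapper command and switches off forwarding, pty and rc processing, plus the wrapper itself, which maps the client's requested command (visible to it only as `SSH_ORIGINAL_COMMAND`) to one of a few fixed jobs and refuses everything else. The wrapper path `/usr/local/lib/ssh-trigger`, the trigger names `backup` and `mirror`, the job paths and the source address `192.0.2.10` are assumptions for illustration; the option names are those documented in sshd(8).

```shell
#!/bin/sh
# Added example (not from the thread or from ssh-cron). Assumed: the wrapper
# lives at /usr/local/lib/ssh-trigger, the only legitimate client is
# 192.0.2.10, and two jobs, run-backup and sync-mirror, exist on this host.

# Build the line to install in ~/.ssh/authorized_keys on the *remote* host.
# $1 is the public key line ("ssh-ed25519 AAAA... comment"). With command=,
# sshd ignores whatever the client asked to run and executes the wrapper
# instead; the client's request is passed only as $SSH_ORIGINAL_COMMAND.
# The remaining options shut the usual side doors: TCP/agent/X11 forwarding,
# an interactive pty, and ~/.ssh/rc execution. from= is an extra hurdle, not
# a substitute: with the key stolen it only raises the bar to a routed
# source-address spoof or hijack.
restricted_authorized_keys_line() {
    printf 'command="/usr/local/lib/ssh-trigger",from="192.0.2.10",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc %s\n' "$1"
}

# Core of the wrapper: an allowlist from short trigger names to fixed commands.
# Nothing from the request is interpolated into the command, so "backup; rm -rf /"
# is simply an unknown trigger. Prints the command and returns 0, or prints
# nothing and returns 1.
resolve_trigger() {
    case "$1" in
        backup) printf '%s\n' '/usr/local/bin/run-backup' ;;
        mirror) printf '%s\n' '/usr/local/bin/sync-mirror' ;;
        *)      return 1 ;;
    esac
}

# Entry point of /usr/local/lib/ssh-trigger. sshd runs it with no arguments;
# rejected requests are logged so a stolen key being probed shows up in auth.log.
ssh_trigger_main() {
    cmd=$(resolve_trigger "${SSH_ORIGINAL_COMMAND:-}") || {
        logger -p auth.warning -t ssh-trigger \
            "rejected request: ${SSH_ORIGINAL_COMMAND:-<none>}"
        exit 1
    }
    exec "$cmd"
}
```

On the source host the cron entry is then just `ssh -o BatchMode=yes -i ~/.ssh/trigger_key backup@remote backup`; anything other than the listed names is logged and refused. Newer OpenSSH (7.2 and later) accepts the single option `restrict` as shorthand for the full set of `no-*` options, which also covers options added after the line was written.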
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sun, Jul 27, 2014 at 9:27 PM, Ansgar Burchardt wrote:
> It is possible to restrict keys in .ssh/authorized_keys so that they are only allowed to run specific commands, see the 'command=command' bit in man:sshd(8). One probably wants to combine this with no-port-forwarding and similar options.

An article about how these are used:

http://blog.ganneff.de/blog/2007/12/29/ssh-triggers.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Archive: https://lists.debian.org/caktje6e-mza4nzxlxa2g2_kbyqn5iyp0hme7tatjycy507e...@mail.gmail.com
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
/me mutters something about being incompatible with reportbug... The upstream author and URL should have been in the original report (corrected below).

On 07/27/2014 01:54 AM, Marc Haber wrote:
> On Sat, 26 Jul 2014 21:05:37 -0700, tony mancill tmanc...@debian.org wrote:
>> * Package name    : ssh-cron
>>   Version         : 0.91.01
>>   Upstream Author : Frank B. Brokken f.b.brok...@rug.nl
>> * URL             : http://sshcron.sourceforge.net/
>> * License         : GPL-2+
>>   Programming Lang: C++
>>   Description     : cron-like job scheduler than handles ssh key passphrases
>>
>> ssh-cron acts like cron, but is provided with ssh passphrases allowing its commands to access remote systems without requiring a passphrase to be stored in a clear-text file or resorting to ssh keys without passphrases.
>
> Why would one use such a tool? passphraseless keys exist, and can be configured to be secure.

Hello Marc,

Thank you, Ansgar and Paul for responses regarding other ways to perform these tasks. Specifically:

> It is possible to restrict keys in .ssh/authorized_keys so that they are only allowed to run specific commands, see the 'command=command' bit in man:sshd(8). One probably wants to combine this with no-port-forwarding and similar options.

and in more detail:

http://blog.ganneff.de/blog/2007/12/29/ssh-triggers.html

The idea for ssh-cron is to be able to use the keys (one might currently already have) without having to generate separate keys for triggers, and while maintaining a passphrase. Whether or not that's advisable given alternatives such as ssh triggers depends on your risk tolerance and the specifics of your environment.

It seems like with Ganneff's trigger mechanism, one attack vector is to steal a backup of the passphraseless key and spoof the source IP - now you can run the trigger at will. Having a passphrase on the key could at least slow the attacker down. I could imagine using ssh-cron together with command= for a higher level of security.

In any event, thank you for the discussion. I'll confer with the upstream author before proceeding with the package.

Regards,
tony
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Bastian Blank wa...@debian.org writes:
> On Sun, Jul 27, 2014 at 06:57:24PM +1200, Chris Bannister wrote:
>> Presume you mean "... scheduler that handles ..." It may even be proper English to say "... scheduler which handles ..."
>
> We got the advice to always use "which" with comma and "that" without comma. Especially for non-native speakers the number of variations with slightly different meaning gets too high.

It also doesn't really matter. Choice of "which" versus "that" in English doesn't pose any comprehension problems for a native speaker. It has, at various points in time, been something of a class marker, in that following certain rules sounds more formal or educated than not following those rules, but everyone understands what you mean either way. The distinction has become increasingly less significant and less policed over time, and I suspect that eventually it will wear away.

-- 
Russ Allbery (r...@debian.org)               http://www.eyrie.org/~eagle/

Archive: https://lists.debian.org/87egx666gu@windlord.stanford.edu
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
> It seems like with Ganneff's trigger mechanism, one attack vector is to steal a backup of the passphraseless key and spoof the source IP - now you can run the trigger at will. Having a passphrase on the key could at least slow the attacker down. I could imagine using ssh-cron together with command= for a higher level of security.

Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back redirected to you.

Kind regards
Philipp Kern
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On Sun, Jul 27, 2014 at 10:45:37AM -0700, Russ Allbery wrote:
> Bastian Blank wa...@debian.org writes:
>> On Sun, Jul 27, 2014 at 06:57:24PM +1200, Chris Bannister wrote:
>>> Presume you mean "... scheduler that handles ..." It may even be proper English to say "... scheduler which handles ..."
>>
>> We got the advice to always use "which" with comma and "that" without comma. Especially for non-native speakers the number of variations with slightly different meaning gets too high.
>
> It also doesn't really matter. Choice of "which" versus "that" in English doesn't pose any comprehension problems for a native speaker.

I specifically talked about non-native speakers, like myself. And there are more non-native English speakers than native ones.

Bastian
-- 
Spock: The odds of surviving another attack are 13562190123 to 1, Captain.

Archive: https://lists.debian.org/20140727180023.ga1...@mail.waldi.eu.org
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Bastian Blank wa...@debian.org writes:
> On Sun, Jul 27, 2014 at 10:45:37AM -0700, Russ Allbery wrote:
>> Bastian Blank wa...@debian.org writes:
>>> We got the advice to always use "which" with comma and "that" without comma. Especially for non-native speakers the number of variations with slightly different meaning gets too high.
>>
>> It also doesn't really matter. Choice of "which" versus "that" in English doesn't pose any comprehension problems for a native speaker.
>
> I specifically talked about non-native speakers, like myself. And there are more non-native English speakers than native ones.

Sorry, I said that badly. That "for a native speaker" didn't belong there. What I meant to say is that choice of "which" versus "that" in English doesn't pose any comprehension problems. I think that applies regardless of whether you're a native speaker.

This is drifting off-topic into theories of grammar, but it's worth bearing in mind that there are two major types of grammar errors: the kind that causes confusion about the meaning of the sentence, and the kind where everyone still understands the sentence just fine but it's not considered formally correct. Most (not all) of the grammar errors of the first kind are errors that native speakers would never make, and indeed are part of the definition of being fluent. Native speakers make the latter type of grammar errors all the time, and they generally go completely unremarked in speech because they have no impact on comprehension.

The use of "which" vs. "that" is definitely in the second category. It may have some mild impact on how formal the writing sounds, but you're not in any danger of confusing anyone about what the sentence means (except in a few very artificial examples where the sentence really should just be rephrased entirely). I'm fairly sure that's true for both native readers and non-native readers.

That latter type of errors are generally the domain of a style guide, because it feels better to use a consistent approach each time they arise, but they're not particularly important for conveying meaning.

-- 
Russ Allbery (r...@debian.org)               http://www.eyrie.org/~eagle/

Archive: https://lists.debian.org/87zjfu4psu@windlord.stanford.edu
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
]] Philipp Kern

> On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
>> It seems like with Ganneff's trigger mechanism, one attack vector is to steal a backup of the passphraseless key and spoof the source IP - now you can run the trigger at will. Having a passphrase on the key could at least slow the attacker down. I could imagine using ssh-cron together with command= for a higher level of security.
>
> Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back redirected to you.

That's harder and more visible, but not impossible. BGP hijacks do happen, intentionally and not.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Archive: https://lists.debian.org/87wqayd40p@xoog.err.no
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
On 2014-07-27 11:39:58 +0200, Bastian Blank wrote:
> On Sun, Jul 27, 2014 at 06:57:24PM +1200, Chris Bannister wrote:
>> Presume you mean "... scheduler that handles ..." It may even be proper English to say "... scheduler which handles ..."
>
> We got the advice to always use "which" with comma and "that" without comma. Especially for non-native speakers the number of variations with slightly different meaning gets too high.

Shouldn't there be a comma because it is a non-restrictive clause?

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Archive: https://lists.debian.org/20140727212621.ga32...@xvii.vinc17.org
Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
Package: wnpp
Severity: wishlist
Owner: tony mancill tmanc...@debian.org

* Package name    : ssh-cron
  Version         : 0.91.01
  Upstream Author :
* URL             :
* License         : GPL-2+
  Programming Lang: C++
  Description     : cron-like job scheduler than handles ssh key passphrases

ssh-cron acts like cron, but is provided with ssh passphrases allowing its commands to access remote systems without requiring a passphrase to be stored in a clear-text file or resorting to ssh keys without passphrases.

Archive: https://lists.debian.org/20140727040536.GA17911@boson