Remote recovery suggestion, now with initial code
Andrew Sayers
andrew-ubuntu-devel at pileofstuff.org
Sat May 31 09:58:57 UTC 2008
There's one serious security concern I have about the remote help
assistant which I'm not sure how to work around: at present, it sends
the helper's username in plaintext over the Internet, and strongly hints
that they're running an SSH server. That's not a problem if you have
proper security in place, but it puts helpers with weak passwords and
default security settings at increased risk.
The program handles security by using an SSH client on one end, and a
special-purpose SSH server on the other. Because the helper can't be
assumed to have root access to the system they're running on, the SSH
server is run in the user's own account. SSH servers running in
ordinary user accounts can only log in with that username, so the
username needs to be transmitted over the Internet before proper
security can be established. This means that an eavesdropper can sniff
your username and IP address, then start trying to brute-force your
password.
The SSH server run by the assistant itself isn't at risk, because you
can only log in to it using a specified RSA key, and even if you could
break in, you wouldn't get anything useful like a shell.
Does anyone have any suggestions about this?
- Andrew
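The lockdown the post describes (a single-purpose sshd run inside the helper's own account, accepting only one named key and never handing out a shell) can be written down as a concrete OpenSSH configuration. The script below is an added example for this thread; it is not code from the remote help assistant. The directory, the port (2222), the forced command (/usr/local/bin/assistant-shim) and the public key string are all assumptions, and the key is a constructed placeholder, not a real key. Note what it does and does not fix: it removes password guessing and shell access from the assistant's own server, but the username still crosses the network, and whatever regular sshd the helper may also be running is unaffected by this file.

```shell
#!/bin/sh
# Added example, not the assistant's own code. Generates the configuration for a
# user-level, single-purpose OpenSSH sshd: one authorized key, no password
# authentication, no shell, no forwarding. Paths, port, forced command and the
# key below are assumptions for illustration.

# write_assistant_sshd_config DIR USER PORT PUBKEY FORCED_CMD
# Writes DIR/sshd_config and DIR/authorized_keys; returns non-zero on failure.
write_assistant_sshd_config() {
    dir=$1; user=$2; port=$3; pubkey=$4; forced_cmd=$5
    mkdir -p "$dir" || return 1
    chmod 700 "$dir"   # StrictModes (default) refuses a key file in a loose dir
    # authorized_keys options: command= replaces whatever the client asked for
    # (the original request is still visible to the command as
    # SSH_ORIGINAL_COMMAND); the no-* options remove pty, forwarding and agent.
    printf 'command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$forced_cmd" "$pubkey" > "$dir/authorized_keys" || return 1
    chmod 600 "$dir/authorized_keys"
    cat > "$dir/sshd_config" <<EOF
# sshd_config for an unprivileged, single-purpose server (constructed example)
Port $port
ListenAddress 0.0.0.0
HostKey $dir/host_key
PidFile $dir/sshd.pid
# Only the owning account can log in; the assistant never needs root.
AllowUsers $user
PermitRootLogin no
# Key-only: a sniffed username gives an attacker nothing to brute-force here.
PubkeyAuthentication yes
AuthorizedKeysFile $dir/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
UsePAM no
# Belt and braces: even a key line without options gets the helper command.
ForceCommand $forced_cmd
PermitTTY no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
PermitUserEnvironment no
# Slow down anyone who found the port by sniffing the exchange.
MaxAuthTries 3
LoginGraceTime 20
LogLevel VERBOSE
EOF
}

# assistant_config_has DIR DIRECTIVE VALUE: succeed if sshd_config sets
# DIRECTIVE to exactly VALUE (one directive per line, as generated above).
assistant_config_has() {
    grep -q "^$2 $3\$" "$1/sshd_config"
}

# verify_assistant_lockdown DIR: refuse to start unless every setting that
# keeps the server key-only and shell-free is present.
verify_assistant_lockdown() {
    for pair in "PasswordAuthentication no" "PubkeyAuthentication yes" \
                "PermitRootLogin no" "PermitTTY no" "AllowTcpForwarding no"; do
        # shellcheck disable=SC2086  # word splitting into DIRECTIVE VALUE is intended
        assistant_config_has "$1" $pair || { echo "missing: $pair" >&2; return 1; }
    done
    grep -q '^command="' "$1/authorized_keys" || return 1
    grep -q 'no-pty' "$1/authorized_keys" || return 1
}

# start_assistant_sshd DIR: create a host key on first use, check the config
# with sshd -t, then run sshd in the foreground as the current user. DIR must
# be an absolute path because sshd re-executes itself. Not exercised by tests.
start_assistant_sshd() {
    verify_assistant_lockdown "$1" || return 1
    [ -f "$1/host_key" ] || ssh-keygen -q -t ed25519 -N '' -f "$1/host_key" || return 1
    /usr/sbin/sshd -t -f "$1/sshd_config" || return 1
    exec /usr/sbin/sshd -D -e -f "$1/sshd_config"
}

# Demo (assumed values): ASSISTANT_DEMO=1 sh assistant-sshd.sh
if [ "${ASSISTANT_DEMO:-0}" = 1 ]; then
    d="$HOME/.assistant-sshd"
    write_assistant_sshd_config "$d" "$(id -un)" 2222 \
        "ssh-ed25519 AAAAC3EXAMPLEKEYNOTREAL helper-client" /usr/local/bin/assistant-shim
    start_assistant_sshd "$d"
fi
```

The forced command is the real security boundary once the key is accepted: it should be a small program that speaks only the assistant's protocol and ignores SSH_ORIGINAL_COMMAND. On OpenSSH 7.2 or later the four no-* key options can be replaced by the single `restrict` option, which also disables anything added to the protocol later.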
More information about the Ubuntu-devel-discuss mailing list