
  2. 7

    I kind of get the impression the authors don’t know how asymmetric encryption works?

    1. 1

      Yeah, if you’re going to talk to a server every time anyway, you may just as well generate throwaway ssh keys, no need to involve the whole X509-circus.

      Use a well placed AuthorizedKeysCommand and AuthorizedKeysFile and you don’t have the problems laid out in the article.

      1. 2

        I might be misunderstanding the article, but isn’t it their purpose to effectively manage authorized_keys automatically so you can use your SSO credentials instead of doing ssh directly? Kind of like what BLESS does with AWS IAM roles.

    2. 4

      If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire system.

      What? That’s how public keys work. They are meant to be public…

      1. 2

        I took it to mean compromised private keys. The sshd config for it is literally called ‘publickey’ and PubkeyAuthentication.

      2. 4

        “If your organization building uses keys, it’s entirely possible you have already mislaid one. There is a key sitting in a car or in a former employee’s jacket which grants the holder access to your infrastructure. If you share keys between employees it’s likely only a few keys are enough to give an attacker access to your entire building.”

        Of course, if you mismanage the secrets, some attacker, if they acquire them, can do stuff. Isn’t that common sense?

        I read it as fear mongering for non-technical CEO with money to throw at cloudflare for their brand-new perfect world-fixing “solution”. No thanks.

        1. 1

          Yeah this whole problem can be solved in a myriad of simpler ways.

          • if you’re worried about laptop compromise, disk encryption and private key file passwords
          • if you’re worried about SSH access control, use a few bastion hosts which people can SSH into and hop to the intended servers from: suddenly all your key management and access control is in one (replicable across datacenters) place

          But more importantly, developers (or are we talking about network admins? Customers?? Who is this for?) shouldn’t have to be SSHing all the time into many different servers. I feel like it’s indicative of a problem in workflow.
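The AuthorizedKeysCommand approach mentioned earlier in the thread, as an added example (not code from any commenter or from the article): sshd asks a small script for a user's keys on every login, so keys live in one central directory and revoking or expiring an account there takes effect on every host at once. The directory data and the `sso-keys` path are constructed for the example.

```shell
#!/bin/sh
# Constructed example: an AuthorizedKeysCommand helper that serves keys from a
# central user directory instead of per-host ~/.ssh/authorized_keys files.
# sshd_config would point at it like this (paths are assumed):
#   AuthorizedKeysFile none
#   AuthorizedKeysCommand /usr/local/bin/sso-keys %u
#   AuthorizedKeysCommandUser nobody

# Constructed directory export, one record per line:
#   user|status|expiry(epoch seconds)|public key
# In a real deployment this would be fetched from the SSO / identity provider.
DIRECTORY_DATA='alice|active|4102444800|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA alice@laptop
bob|disabled|4102444800|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB bob@laptop
carol|active|946684800|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC carol@old'

# authorized_keys_for USER [NOW]: print the authorized_keys lines sshd should
# accept for USER. Disabled accounts and expired keys produce no output, so a
# key "mislaid" on an old laptop stops working as soon as the directory says so.
authorized_keys_for() {
    user=$1
    now=${2:-$(date +%s)}
    printf '%s\n' "$DIRECTORY_DATA" | while IFS='|' read -r u status expiry key; do
        [ "$u" = "$user" ] || continue
        [ "$status" = "active" ] || continue
        [ "$expiry" -gt "$now" ] || continue
        # "restrict" turns off forwarding and similar extras; "pty" re-enables
        # an interactive shell. Both are standard authorized_keys options.
        printf 'restrict,pty %s\n' "$key"
    done
}
```

Called as `authorized_keys_for alice`, it prints one restricted key line; `bob` (disabled) and `carol` (expired) get nothing, which is exactly what sshd needs to deny the login.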