Question regarding ssh-agent on unsafe computer. #113

Closed
ananteris opened this issue Apr 30, 2017 · 1 comment

@ananteris

I was wondering whether or not there is any sort of timestamping built into the ssh-agent/sshd systems that expire a signed public key after some period of time?

To be more precise, I was wondering what the effect of using Trezor's ssh-agent would be on a malware'd computer? It's my understanding that at some point the Trezor will sign off on a key, which could be stored indefinitely and used by an attacker for further logins. Is this correct?

@romanz romanz self-assigned this Apr 30, 2017
@romanz
Owner

romanz commented Apr 30, 2017

When using public key authentication, the SSH server sends the client a random challenge.
The client should sign it with its secret key, and the server will allow the connection to proceed if it can verify the signature using the client's public key.
If the client's machine has malware, it can only have access to a single signature each time a connection is made - and if the SSH server sends a different challenge each time, it can't be used for a replay attack.
Hope this helps :)

@romanz romanz closed this as completed May 6, 2017
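
A simplified model of the challenge-response exchange described in the reply above, added here as an example and not part of the original thread or the project's code. The toy textbook-RSA key, `device_sign`, and the `Server` class are assumptions standing in for the hardware device and sshd; the toy key is not secure for real use.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two known Mersenne primes. It stands in for
# the hardware device's real signing key and is NOT secure for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (stays on the device)


def digest(challenge: bytes) -> int:
    """Hash the challenge to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


def device_sign(challenge: bytes) -> int:
    """Client side: the device signs exactly the challenge it is given."""
    return pow(digest(challenge), D, N)


class Server:
    """Server side: issues one fresh random challenge per login attempt."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(32)
        return self.pending

    def verify(self, signature: int) -> bool:
        challenge, self.pending = self.pending, None   # each challenge is single use
        if challenge is None:
            return False
        return pow(signature, self.e, self.n) == digest(challenge)


def demo():
    server = Server((N, E))
    # Connection 1: legitimate login; malware on the host records the signature.
    captured = device_sign(server.new_challenge())
    first_login = server.verify(captured)
    # Connection 2: the recorded signature is replayed against a new challenge.
    server.new_challenge()
    replayed_login = server.verify(captured)
    return first_login, replayed_login
```

`demo()` returns the outcome of the legitimate login and of the replay attempt, in that order.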