|
| Using Agent forwarding (Pageant) with SFTP File Transfer Act | |
Joined: 03 Jan 2007 |
Posts: 11 |
|
|
|
Posted: Sun Jun 01, 2008 9:39 am |
|
|
|
|
|
dmitri wrote: | it sounds like you want this feature to be added |
That would be great!
Thanks,
David
|
|
|
| | |
|
| | |
Joined: 03 Jan 2007 |
Posts: 11 |
|
|
|
Posted: Wed Jun 04, 2008 5:22 pm |
|
|
|
|
|
dmitri wrote: | are you talking about this:
PuTTY-Agent (pageant.exe) is a process which runs in the background and listens for "requests" from PuTTY clients needing your private key.
I'm not sure if there is any reason to use it. Why not just plain files with private keys? If pageant allows another processes to read the keys, it only mimics security and misleading you. |
Here is the reasoning from the PuTTY documentation:
Quote: | Using Pageant for public-key authentication gives you the convenience of being able to open multiple SSH sessions without having to type a passphrase every time, but also gives you the security benefit of never storing a decrypted private key on disk. Many people feel this is a good compromise between security and convenience.
It is a compromise, however. Holding your decrypted private keys in Pageant is better than storing them in easy-to-find disk files, but still less secure than not storing them anywhere at all. This is for two reasons:
* Windows unfortunately provides no way to protect pieces of memory from being written to the system swap file. So if Pageant is holding your private keys for a long period of time, it's possible that decrypted private key data may be written to the system swap file, and an attacker who gained access to your hard disk later on might be able to recover that data. (However, if you stored an unencrypted key in a disk file they would certainly be able to recover it.)
* Although, like most modern operating systems, Windows prevents programs from accidentally accessing one another's memory space, it does allow programs to access one another's memory space deliberately, for special purposes such as debugging. This means that if you allow a virus, trojan, or other malicious program on to your Windows system while Pageant is running, it could access the memory of the Pageant process, extract your decrypted authentication keys, and send them back to its master.
|
It is not any more secure than giving a passworded private key to PhpED and typing in the password there, but it is much more convenient for users to have PhpED reference an already in-place defacto key-ring system for Windows. This type of paradigm is widely used in *nix.
|
|
|
| | |
|
| | |
|
| | |
|
| | |
Joined: 03 Jan 2007 |
Posts: 11 |
|
|
|
Posted: Wed Jun 04, 2008 6:06 pm |
|
|
|
|
|
dmitri wrote: | hmm. I don't get your point. With pageant any software can read non-encrypted private key. Do you call this more secure? |
Firstly lets be clear, I am quite sure that PhpED also stores the private key in memory un-encrypted either as soon as you enter your password for the key (if not storing), or when the key is first requested for use and the password is loaded from disk. So in that regards both are equally vulnerable to memory snooping.
However the difference between PhpED and pageant is that with pageant the exposure is limited to the period of time that pageant is running. If pageant is off, or the computer is off nothing is exposed, nothing is stored to disk. If I lose my laptop and I have saved my password in PhpED, or someone else gains access to my hard drive, my password is fully exposed. So yes, in this sense pageant is more secure.
|
|
|
| | |
Site Admin
Joined: 13 Jul 2003 |
Posts: 8351 |
|
|
|
Posted: Wed Jun 04, 2008 6:29 pm |
|
|
|
|
|
Quote: | with pageant the exposure is limited to the period of time that pageant is running |
not exactly, because of swapfile where a copy of the process memory may be found.
Strictly speaking, Windows maps ALL memory (except kernel parts responsible for handling hardware interrupts and paging file manipulation routines) to the swap file and it's only matter of time to get a memory page written to this file. But it's much less predictable than location of the files with known data. So it adds some level of protection.
Quote: | If I lose my laptop |
Thanks, this makes much better sense and explains your worries.
I thought you're protecting from the online attackers
I'll check if support for the pageant can be added. At the first glance it stores private keys in ppk file format which is also not supported in PhpED. It supports keys in file formats that can be recognized by openssl library. Not sure if ppk can be recognized.
|
_________________ The PHP IDE team
|
|
| | |
Joined: 03 Jan 2007 |
Posts: 11 |
|
|
|
Posted: Wed Jun 04, 2008 6:38 pm |
|
|
|
|
|
dmitri wrote: | Quote: | with pageant the exposure is limited to the period of time that pageant is running |
not exactly, because of swapfile where a copy of the process memory may be found.
Strictly speaking, Windows maps ALL memory (except kernel parts responsible for handling hardware interrupts and paging file manipulation routines) to the swap file and it's only matter of time to get a memory page written to this file. But it's much less predictable than location of the files with known data. So it adds some level of protection.
Quote: | If I lose my laptop |
Thanks, this makes much better sense and explains your worries.
I thought you're protecting from the online attackers
I'll check if support for the pageant can be added. At the first glance it stores private keys in ppk file format which is also not supported in PhpED. It supports keys in file formats that can be recognized by openssl library. Not sure if ppk can be recognized. |
Sorry I wasn't more clear about that up front.. it is the offline that I am much more concerned about. You may want to have a look at PuttyGen as well, it is where PPK's can be created, and can also be exported to a regular PEM format. You should be able to grab the PPK from pageant and borrow some code from PuttyGen to do the conversion for you.
Thanks,
David
|
|
|
| | |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT - 5 Hours
Page 1 of 1
|
|
|
| |