>>>>> On Tue, 25 Mar 2003 17:09:39 +0100, Sune Rastad Bahn <srb at> said:

    Sune> Another problem is that it is the kernel which mounts the
    Sune> nfsroot.  So, either you have to compile the encryption into the
    Sune> kernel or make a very large initrd so you can start up ssh from
    Sune> that.  Anyway you still have the problem that the kernel is from
    Sune> tftp which as the name says is a very trivial (and hence very
    Sune> insecure) protocol, leaving plenty of space for an attacker to
    Sune> fool your machine into using his kernel instead of your own. You
    Sune> have to figure out some very clever boot process to avoid that!
    Sune> Basically you need to have security built in already in the boot
    Sune> process, which means no PXE/dhcp, no bootp etc.. you'll probably
    Sune> end up booting from a cd... so why use fai in the first place?

Adding a digital signature to dhcp using an optional field could be
possible, plus some ciphered information in other fields.

Enough to boot a kernel with IPsec in it.

Well, where does the initial secret key come from at boot? Hum, TCPA or
some other stuff is a beginning... :-) Just a specialized PXE rom or BIOS
could do the job if we don't think the intruder will use a logic analyzer
against the client. :-)

For more French paranoid:
but the bibliography points to some English papers.
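As an added illustration of the "signature in an optional DHCP field" idea above (example code, not from this thread or from FAI): the server appends one option covering all the others, and the client refuses any offer whose tag does not verify. Assumptions: option code 224 (site-specific range) is a made-up choice for the tag, and a keyed HMAC over a shared secret stands in for the asymmetric signature the message envisions, since the standard library has no signing primitive; the key and option values are constructed for the demo.

```python
import hashlib
import hmac

OPT_TFTP_SERVER = 66   # real DHCP "TFTP server name" option (RFC 2132)
OPT_BOOTFILE = 67      # real DHCP "Bootfile name" option (RFC 2132)
OPT_SIG = 224          # hypothetical: site-specific code carrying the tag
OPT_END = 255

def encode_options(options):
    """Encode [(code, value_bytes)] as DHCP TLV options, terminated by END."""
    out = bytearray()
    for code, value in options:
        if len(value) > 255:
            raise ValueError("DHCP option value exceeds one length byte")
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)

def decode_options(blob):
    """Parse DHCP TLV options into {code: value}; stops at END."""
    opts, i = {}, 0
    while i < len(blob) and blob[i] != OPT_END:
        code, length = blob[i], blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def sign_offer(options, key):
    """Server side: tag every option byte that precedes the signature option."""
    body = encode_options(options)[:-1]          # everything except END
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return encode_options(options + [(OPT_SIG, tag)])

def verify_offer(blob, key):
    """Client side: return the options if the tag verifies, else None.

    The tag is recomputed over the raw bytes preceding the signature option,
    so reordering, altering or appending options all invalidate it.
    """
    i = 0
    while i < len(blob) and blob[i] != OPT_END:
        code, length = blob[i], blob[i + 1]
        if code == OPT_SIG:
            tag = blob[i + 2:i + 2 + length]
            expected = hmac.new(key, blob[:i], hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                return None
            opts = decode_options(blob)
            opts.pop(OPT_SIG)
            return opts
        i += 2 + length
    return None                                   # unsigned offer: reject
```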
