Is this able to utilize my ssh config? #97
Comments
and yeah, I was assuming I would need to deal with ssh launched as root - but figured I would deal with those details once I saw how ssh is launched |
Interesting that you ask about it now. This behaviour can lead to privilege escalation quite easily. The reason for that is that the plugin runs as root, yet your config can be modified by you and you can specify arbitrary commands to run in it. This is... undesirable. I'm still thinking of a good solution for that, but at the moment, I would recommend to not allow that. What do you think? |
It's been a while since I actually asked, but if your main process runs as root you can run the ssh process itself as the user. In which case the risk exists only if the user specified that the connection is to be shared with other users (which you should warn them not to do, maybe even prevent if you can... I'm not that familiar with the innards of network manager, but I am a heavy ssh user and just won't use anything that can't utilize my extensive configs) |
That would be quite difficult to do. I don't think nm will really allow me to intervene with things in that level, as a plugin maintainer.
That is a problem, as you need root privileges (or at least CAP_NET_ADMIN) to open new network devices (tun/tap), hence, it needs to run privileged. I tried to play with capabilities and perhaps just leave CAP_NET_ADMIN and run as a regular user (reduce privileges), but that didn't work out very well, so I had to remove the feature of "free hand" options altogether... |
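The split the thread suggests (privileged main process, ssh child running as the user) can be shown in C. This is an added example, not nm-ssh's own code: it assumes the plugin already knows the owning user's name, and the `drop_privileges` and `run_ssh_as_user` names are made up here.

```c
/* Added example, not nm-ssh code: run ssh as the connection's owner so that
 * ProxyCommand/LocalCommand in the user's ~/.ssh/config never runs as root. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to uid/gid: supplementary groups first (root only),
 * then gid, then uid. Returns 0 on success, -1 with errno set on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail now. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Fork, drop to `user` (assumed known to the plugin), exec ssh with argv.
 * Returns ssh's exit status, or -1 if the child could not be set up. */
int run_ssh_as_user(const char *user, char *const argv[])
{
    struct passwd *pw = getpwnam(user);
    if (!pw)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop privileges before reading anything user-controlled; never exec as root. */
        if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0)
            _exit(126);
        setenv("HOME", pw->pw_dir, 1); /* ssh looks up $HOME/.ssh/config */
        execvp("ssh", argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The parent keeps whatever privilege it needs for the tun/tap device; only the child that reads the user's config loses them.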
So this is also an issue for me. I try to connect to a remote machine via a jump host, like When using An alternative would be to use |
I'd classify it as a bug, yes. Unfortunately I've been hammered with life and work recently, and have very little time to get to nm-ssh 😢 |
Fedora 30
Trying to utilize a working entry in my ssh config and getting
final secrets request failed to provide sufficient secrets
I set to use ssh agent but the underlying ssh process is never executed. I was going to debug assuming ssh is launched then fails - but straced from a wrapper to /usr/libexec/nm-ssh-service and the only exe* calls were
If you don't actually execute ssh, how can you know that there are secrets missing?