ssh password stored in clear text

Comments

5 comments

  • Avatar
    Chris Hewitt

    Thank you for the reply. I think we are going to agree to disagree.

    Of course a malicious actor would block the ssh password upgrade function (like I did in a personal POC).

    You might want to consider how this is counter to NIST 800-63B.8 and other standards.

     

    1
    Comment actions Permalink
  • Avatar
    FF

    I would concur with Chris, this is actually a show stopper for deployment of firewalla within regulated industries and something that I would qualify as "uncomfortable" for home use.

     

    if the purpose would be to "display it in the app at reset time", then why saving it at all in the file??? you can just have the system generate the cleartext string, hash it on the gold, encrypt the cleartext to send it to the app and let the app decrypt it to display. (even better pass an encrypted image of the password)... in any cases, there is no point in saving it in cleartext on the filesystem.

    1
    Comment actions Permalink
  • Avatar
    FF

    not 100% what you mean by polled but assuming that it looks like:

    1. user ask the app to reset the password then to display it on the screen.
    2. the app makes a call over https to the firewalla appliance using 2-way ssl to ask to reset the password and provide it to the app
    3. the firewalla reset its password and send it back over the 2-way ssl channel to the app
    4. the app stores it in memory on the phone and and when asked display it
    • why can't the firewalla encrypt the password on the file with a public key provided by the firewalla app call in (2)
    • that way it is stored locally encrypted on the appliance ?

     

     

     

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    There are two issues here.

    1. SSH password is clear text.  This is needed in case you need to ssh into the box, hence, we need a way to display that to you.   Storing it in a clear text format shouldn't be a risk; the reason is, the system is a single-user system, the only way to extract that password is get to it physically.  

    2. When you close the support access, the SSH password is regenerated, and also the physical connection is also closed.  So without your permission to activate the support connection and give us the password + connection ID, there is no way for support to get into the system.

     

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @FF the solution will not work, our system is polled ... meaning app needs to start to get the password.   

    But in the latest version, you now have the option to turn off SSH access per segment. 

    -1
    Comment actions Permalink

Please sign in to leave a comment.