I have a shell user who is able to log in to his account via sshd on FreeBSD 8.2
using any password. The user had a .ssh/id_rsa and .ssh/id_rsa.pub key pair
without a password, but nullok was not specified, so I think this should be
considered a bug.
During diagnosis, /etc/pam.d/sshd was configured for authentication using:
-------------
auth required pam_ssh.so no_warn try_first_pass
-------------
I enabled _openpam_debug in pam_ssh and found this during a login via sshd to
the user's account:
-------------
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_ssh_load_key(): failed to load
key from /home/targetuser/.ssh/identity
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_ssh_load_key(): loaded
'/home/targetuser/.ssh/id_rsa' from /home/targetuser/.ssh/id_rsa
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_ssh_load_key(): failed to load
key from /home/targetuser/.ssh/id_dsa
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_sm_acct_mgmt(): Got user:
targetuser
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_sm_acct_mgmt(): Got user:
targetuser
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_sm_acct_mgmt(): Checking
login.access for user targetuser from host 172.16.1.240
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_sm_acct_mgmt(): Got user:
targetuser
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_sm_acct_mgmt(): Got login_cap
-------------
The view from the client machine during the login:
-------------
client:/usr/src/lib/libpam/modules/pam_ssh (557) ssh targetuser@fbsd8-i386
SSH passphrase:
Last login: Tue Nov 15 08:39:28 2011 from 172.16.2.218
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 8.2-RC3 (GENERIC) #0: Sat Jan 29 19:26:23 CST 2011
-------------
So, it asked for the target user's passphrase and successfully authenticated
with any password. I understand what happened but I'm rather astonished by
the result - I would not have expected pam_ssh to have succeeded on a
passwordless key file when a password was required in the pam configuration
file, based on the pam_ssh.8 man page:
     nullok  Normally, keys with no passphrase are ignored for authentication
             purposes.  If this option is set, keys with no passphrase will be
             taken into consideration, allowing the user to log in with a
             blank password.
Thoughts?
Thanks,
Guy Helmer
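Added example, not part of the original post and not code from pam_ssh: a small Python audit that checks the key files pam_ssh tries in the debug log above (identity, id_rsa, id_dsa) for a missing passphrase, since a passphrase-less key is the condition under which the "required pam_ssh" configuration above accepts any password. It recognises the PEM layout used by the id_rsa in the report (encryption is signalled by a "Proc-Type: 4,ENCRYPTED" header) and also the newer openssh-key-v1 layout, where the base64 body starts with a length-prefixed ciphername and "none" means unencrypted. The sample key texts it builds are constructed placeholders with dummy bodies, not real key material, and the function names are my own.

```python
"""Audit the key files pam_ssh consults for missing passphrases.

Added example, not part of the original post or of pam_ssh itself.
Formats handled:
  - PEM ("-----BEGIN RSA PRIVATE KEY-----" and friends): an encrypted key
    carries a "Proc-Type: 4,ENCRYPTED" header between the BEGIN line and
    the base64 body; an unencrypted key has no headers at all.
  - OpenSSH native ("-----BEGIN OPENSSH PRIVATE KEY-----"): the decoded
    body begins with the magic "openssh-key-v1\\0" followed by a
    big-endian uint32 length and the ciphername; "none" means unencrypted.
The sample key texts below are constructed for this example; their bodies
are dummy base64, not usable keys.
"""
import base64
import struct
import tempfile
from pathlib import Path

PEM_MARKERS = (
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
)
OPENSSH_MARKER = "-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_MAGIC = b"openssh-key-v1\x00"

# The three files pam_sm_authenticate tried in the debug log above.
PAM_SSH_KEY_FILES = ("identity", "id_rsa", "id_dsa")


def key_has_passphrase(text: str) -> bool:
    """Return True if the private-key text is passphrase-protected.

    Raises ValueError for anything that is not a recognised private key.
    """
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0] in PEM_MARKERS:
        # RFC 1421 encapsulated header; only present on encrypted PEM keys.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                   for ln in lines[1:])
    if lines[0] == OPENSSH_MARKER:
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        raw = base64.b64decode(body)
        if not raw.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", raw[off:off + 4])
        ciphername = raw[off + 4:off + 4 + n].decode()
        return ciphername != "none"
    raise ValueError("unrecognised private key format")


def unprotected_keys(ssh_dir) -> list:
    """Names of pam_ssh key files in ssh_dir that have no passphrase."""
    found = []
    for name in PAM_SSH_KEY_FILES:
        p = Path(ssh_dir) / name
        if not p.is_file():
            continue
        try:
            if not key_has_passphrase(p.read_text()):
                found.append(name)
        except ValueError:
            continue  # not a format we understand; leave for manual review
    return found


# Constructed sample inputs (dummy bodies, not real keys).
PEM_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""

PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""


def make_openssh_key_text(ciphername: str) -> str:
    """Build just the openssh-key-v1 header (constructed, not a usable key)
    so the ciphername parsing can be exercised offline."""
    raw = OPENSSH_MAGIC + struct.pack(">I", len(ciphername)) + ciphername.encode()
    b64 = base64.b64encode(raw).decode()
    return f"{OPENSSH_MARKER}\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


def demo() -> list:
    """Write the constructed samples into a throwaway ~/.ssh and audit it:
    id_rsa is unprotected, id_dsa is encrypted, identity is absent."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "id_rsa").write_text(PEM_PLAIN)
        Path(d, "id_dsa").write_text(PEM_ENCRYPTED)
        return unprotected_keys(d)


if __name__ == "__main__":
    print("unprotected:", demo())
```

Run it against a real home directory by calling unprotected_keys("/home/targetuser/.ssh"); any name it returns is a key that pam_ssh will load without a passphrase, which is exactly the case the report above describes.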