
Apple: SSH and FileVault

(keith.github.io)
507 points ingve | 1 comments
sugarpimpdorsey No.45294739
Maybe stop using Macs as multiuser servers?

Unavailability of FileVault-mounted home directories when not logged in has been the case since Tiger.

I'm curious - if the OpenSSH config files are not available - how do they start sshd? If the system keys are encrypted, how do they accept connections?

There's a surprising lack of detail here.

replies(4): >>45294817 #>>45294905 #>>45294943 #>>45301003 #
cyberax No.45294943
I think the SSH host keys are in the system partition ('/private' directory)? It's not protected by FileVault.

This leaves out a possibility of a MITM. An attacker can steal the unencrypted machine host keys and pretend to be your computer. And since you're entering a clear-text password, it's easy to sniff.

Moving the host keys into hardware root-of-trust would help. But macOS Secure Enclave barely supports that, and it's also pretty slow.

replies(2): >>45295020 #>>45295324 #
_mikz No.45295020
I have my private keys in Secure Enclave. Why would the machine not have its own private keys there?
replies(2): >>45295383 #>>45300066 #
aaroncarson No.45295383
100% - Apple wouldn’t be so stupid as to move the private host keys to an unencrypted partition when the Secure Enclave is _right there_. No way is the Secure Enclave too slow for this - it’s exactly what it’s designed to do!
replies(2): >>45295530 #>>45300058 #
1. davidczech No.45295530
They are encrypted with a SEP key when stored in the preboot volume.