(keith.github.io)

507 points ingve | 1 comments | 18 Sep 25 20:15 UTC | HN request time: 0s | source

Show context

mmaunder ◴[18 Sep 25 20:37 UTC] No.45294710[source]▶

There’s an attack vector in there somewhere.

replies(3): >>45294968 #>>45295595 #>>45300986 #

xoa ◴[18 Sep 25 21:01 UTC] No.45294968[source]▶

Kinda struggling to think of what, beyond the well understood risks of using password-based SSH at all. But that's easily ameliorated by sticking it behind Wireguard or something similar. I think this is a pretty welcome change vs turning off FV entirely which I've had to do with Mac servers in the past.

replies(3): >>45295011 #>>45296172 #>>45301008 #

g-mork ◴[18 Sep 25 23:16 UTC] No.45296172[source]▶

>>45294968 #

1) steal computer,

2) copy unencrypted SSH host key from it to a new computer (which necessarily must not be stored in the data volume), configured with the network identity of original computer

3) leave new computer in place of original to capture remote SSH-to-unlock attempt

4) use knowledge of password to unlock original's filevault at your leisure somewhere offsite

replies(1): >>45296355 #

1. johncolanduoni ◴[18 Sep 25 23:42 UTC] No.45296355[source]▶

>>45296172 #

I’m not sure if they do this, but nothing would stop Apple from putting the SSH host key in the Secure Enclave. This would prevent the extract the SSH host (private) key step.

↑

Apple: SSH and FileVault