WordPress.org

Ready to get started?Download WordPress

Forums

SSH SFTP Updater Support
Key upload over HTTP is a security risk (2 posts)

  1. edam
    Member
    Posted 8 months ago #

    This plugin allows users to upload their SSH private keys over insecure HTTP connections. This is a really bad idea! If the account has shell access, they'd basically be handing over access to it to their network admins, the ISP, the government and anyone else who happens to be listening!

    Over HTTP connections, wouldn't it be a better idea to encourage the user to:
    a) upload a private key to the server as a random-named file (or otherwise being careful not to expose the key) and set FTP_PRIKEY,
    b) copy their existing ~/.ssh/id_rsa to their webroot as a random-named file (or otherwise being careful not to expose the key) and chmod go+r, or
    c) enable HTTPS
    and only let the user proceed over HTTP when they have acknowledged that they are aware of and want to ignore the gaping security risks of their actions?

    http://wordpress.org/plugins/ssh-sftp-updater-support/

  2. TerraFrost
    Member
    Plugin Author

    Posted 8 months ago #

    To extend this logic further, why not disable even password auth when it's done over http? Of course at that point this plugin wouldn't really be usable to people using http. That said, I suppose you do address this with your last line:

    only let the user proceed over HTTP when they have acknowledged that they are aware of and want to ignore the gaping security risks of their actions?

    I guess that could be done. idk. It's not super high on my priority list atm. Want to submit a patch?

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.