[40030] in North American Network Operators' Group
Re: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (fingers)
Tue Jul 31 11:40:08 2001
Date: Tue, 31 Jul 2001 17:38:02 +0200 (SAST)
From: fingers <fingers@fingers.co.za>
To: <alex@yuriev.com>
Cc: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>,
"Mr. James W. Laferriere" <babydr@baby-dragons.com>,
<nanog@merit.edu>
In-Reply-To: <Pine.LNX.3.96.1010731103720.29579F-100000@cathy.uuworld.com>
Message-ID: <20010731173731.O6051-100000@snow.fingers.co.za>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Hi
> Pardon for blowing your bubble but sniffing ssh keyexchange does not do you
> any good. The symmetric key is exchanged via a channel aready secured. The
> keys that is used to secure the channel used to exchange the symmetric key
> are exchanged via DH-based protocol. If you want to spend your time
> factoring primes for next 500 years to extract the key, you are more than
> welcome to try. It is crypto-101.
ssh1 keys can be sniffed easily enough with things like ettercap and the
like. Last I checked, it couldn't do ssh2, dunno what the status is
now....
--Rob
