[12980] in bugtraq
Re: sshd1 allows unencrypted sessions regardless of server policy
daemon@ATHENA.MIT.EDU (Markus Friedl)
Wed Dec 15 19:39:59 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991215231327.A3752@folly.informatik.uni-erlangen.de>
Date: Wed, 15 Dec 1999 23:13:27 +0100
Reply-To: Markus Friedl <markus.friedl@INFORMATIK.UNI-ERLANGEN.DE>
From: Markus Friedl <markus.friedl@INFORMATIK.UNI-ERLANGEN.DE>
X-To: "Michael H. Warfield" <mhw@WITTSEND.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
On Tue, Dec 14, 1999 at 02:35:05PM -0500, Michael H. Warfield wrote:
> On Tue, Dec 14, 1999 at 04:43:32PM +0100, Markus Friedl wrote:
> > Because passphrase-less hostkeys are 'encrypted' with cipher "none"
> > the code for this cipher is always compiled into the programs. This
> > way the client is free to choose "none" and no server will complain.
>
> AFAIK... The passpharse-less host keys are encrypted with 3-DES
> and no password. [...]
Please look at the source.
E.g. ssh-1.2.12/authfile.c reads:
int save_private_key(
[...]
if (strcmp(passphrase, "") == 0)
cipher_type = SSH_CIPHER_NONE;
Older versions may have used a real cipher with key "".
Note also that SSH_CIPHER_NONE is also used for 'encryption' before
client and server have exchanged the session-key.
Many of you disagree with me and are saying that this cipher-none
issue is a non-issue.
But once more I like to point out that this a security problem in
a wider sense as it affects your security _policy_. If you decide
to remove telnet/rlogin and configure ssh with '--without-none' you
still have not disabled cleartext logins. This is not about
bufferoverflows or exploits, this is about your security _policy_,
so it is still a security issue.
Moreover, if a third party manages to replace the (unauthenticated)
server messages "I will accept only ciphers IDEA and 3DES" with "I
will accept only cipher NONE" you don't even need a malicious client.
