[18224] in bugtraq
"The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Dec 20 16:37:02 2000
Message-Id: <877l4w5lzq.fsf@snark.piermont.com>
Date: Tue, 19 Dec 2000 13:01:13 -0500
Reply-To: "Perry E. Metzger" <perry@PIERMONT.COM>
From: "Perry E. Metzger" <perry@PIERMONT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Dug Song's message of "Mon, 18 Dec 2000 10:18:02 -0500"
Kurt Seifried in an article on SecurityPortal shrilly entitled "The
End of SSL and SSH?" claims that SSH needs a PKI to be secure.
The claim is that because people have built man-in-the-middle attack
software (see http://www.monkey.org/~dugsong/dsniff/) that can
intercept SSH sessions, that SSH is insecure. After all, if a MITM
attack happens, the user will be informed of this, and since the user
can choose to ignore the warning that a host key has changed and log
in, SSH must be fatally flawed. Without a PKI, Seifried claims, there
is no way to know if a host key is authentic.
This argument makes absolutely no sense to me.
The problem is simply one of the user interface allowing a user to
ignore a security failure. If a remote login utility using a PKI
prompted the user with "host key is not certified, log in anyway?", it
would be no better than SSH implementations. If A kerberized remote
login utility prompted a user with "remote key is incorrect, log in
anyway", it too would be no better.
If this is truly the extent of the flaw Mr. Seifried things requires a
full PKI to fix, I'd like to know why setting
StrictHostKeyChecking yes
isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.
Perry Metzger
