[26329] in bugtraq
Re: SSH Protocol Trick
daemon@ATHENA.MIT.EDU (Markus Friedl)
Thu Jul 25 17:50:49 2002
Date: Wed, 24 Jul 2002 23:44:14 +0200
From: Markus Friedl <markus@openbsd.org>
To: auto458545@hushmail.com
Cc: bugtraq@securityfocus.com
Message-ID: <20020724214414.GA30290@folly>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200207222343.g6MNhfY13217@mailserver4.hushmail.com>
> SSH Protocol Weakness Advisory Monday, July 22 2002 - rtm
It's not really a protocol weakness, it's an annoyance caused by
the fact that there are multiple type of hostkeys, see the
discussion at
http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
Ssharp uses clever tricks to attack users by exploiting this
annoyance. However, a MITM attack is always possible if the ssh
client prints:
The authenticity of host 'jajajaja' can't be established.
The client in the next OpenSSH release will print out all known
keys for a host if a server (or MITM) sends an unknown host key
of a different type.
E.g. if you connect to a host with protocol v2 for the first
time, then the client warns you if you already have a key
for protocol v1, and so on.
That said, I'd like to repeat:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'jajajaja' can't be established.
So better verify the key fingerprints.
Moreover, protocol version 2 with public key authentication allows
you to detect MITM attacks.
