Re: DNS, Man-in-the-middle??

[David <dcorking () yahoo fr>]

On Mon, 11 Aug 2003, Golden_Eternity wrote:

> > On Wed, 06 Aug 2003, Stephen Pedrosa Eilert wrote:
> >
> >
> > > Firewall, called Speaker).  So, I configured the
> > interface manually, using
> > > my ISP's DNS server and tried to SSH to Speaker. To my
> > surprise, the
> > > following message appeared:
>
> You'll usually get a warning like this the first time you connect to
> any SSH server. If you're worried about it, then David's suggestions
> should help... Is this SSH 1 or 2? Last I checked there was no MITM
> attack for SSH 2 (but I've been out of it for a while).

There is a generic MITM for all SSH that works if the user ignores the
warning about an unknown host key.  That is different from the bug
that allows MITM to happen on SSH1 without being noticed by the user.

<FLAME ON> 
If you ignore the warning about the unknown host key, you have almost zero
cryptographic protection.
</FLAME OFF>

David

p.s. G_E I don't know if your message, intended for Stephen - reached the
list.


---------------------------------------------------------------------------
----------------------------------------------------------------------------