"The End of SSL and SSH?"

["Perry E. Metzger" <perry () PIERMONT COM>]

Kurt Seifried in an article on SecurityPortal shrilly entitled "The
End of SSL and SSH?" claims that SSH needs a PKI to be secure.

The claim is that because people have built man-in-the-middle attack
software (see http://www.monkey.org/~dugsong/dsniff/) that can
intercept SSH sessions, that SSH is insecure. After all, if a MITM
attack happens, the user will be informed of this, and since the user
can choose to ignore the warning that a host key has changed and log
in, SSH must be fatally flawed. Without a PKI, Seifried claims, there
is no way to know if a host key is authentic.

This argument makes absolutely no sense to me.

The problem is simply one of the user interface allowing a user to
ignore a security failure. If a remote login utility using a PKI
prompted the user with "host key is not certified, log in anyway?", it
would be no better than SSH implementations. If A kerberized remote
login utility prompted a user with "remote key is incorrect, log in
anyway", it too would be no better.

If this is truly the extent of the flaw Mr. Seifried things requires a
full PKI to fix, I'd like to know why setting

StrictHostKeyChecking yes

isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.


Perry Metzger