Bugtraq mailing list archives

Re: SSH Protocol Trick


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Tue, 23 Jul 2002 22:46:48 +0200



auto458545 () hushmail com wrote:

> It is servers which advertise this compatibility mode of 1.99 which are 
> vulnerable to the attack. Servers in compatibility mode have both 
> protocols 1 and 2 enabled.

Just pointing out a small mistake here: running servers in compatibility
mode is NOT what causes the problem, and the reverse is also true:
running a server in forced v1 or v2 mode doesn't help.

If you want a "workaround", it'd be forcing all your SSH clients to use
a specific SSH version, but that's seldom a viable alternative.

Then again, the best solution is probably educating all your users to
always verify host fingerprints (hahahaha) or forcing public key auth
instead of password auth (usually more viable) in your servers. People
are more likely to notice "public key auth failed" rather than the old
"new host key" message.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"It's July. I'm on vacation. Can't you tell? :)"
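
The two mitigations named in the message above (pinning clients to a single protocol version, and requiring public key auth on servers), as an added example that is not part of the original post: a small audit over client and server configuration text. It assumes OpenSSH-style keywords (`Protocol`, `PasswordAuthentication`, `PubkeyAuthentication`), which the post does not name; the sample configs and host names are constructed, and negated `Host` patterns are not handled.

```python
import fnmatch

# Constructed sample configs; OpenSSH-style keywords are an assumption.
CLIENT_CFG = "Host legacy-*\n  Protocol 2,1\nHost *\n  Protocol 2\n"
SERVER_CFG = "PasswordAuthentication yes\nPubkeyAuthentication yes\n"

def directives(text):
    """Yield (keyword, argument); keywords are case-insensitive, '=' optional."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def client_protocol(cfg, host):
    """Effective Protocol value for host: the first matching value wins."""
    active = True  # lines before the first Host apply to every host
    for key, arg in directives(cfg):
        if key == "host":
            active = any(fnmatch.fnmatch(host, p) for p in arg.split())
        elif key == "protocol" and active:
            return arg
    return None  # unset: the client's built-in default applies

def client_pinned(cfg, host):
    """True only if the client is forced to exactly one protocol version."""
    value = client_protocol(cfg, host)
    return value is not None and "," not in value

def server_findings(cfg):
    """Flag a server that still accepts passwords or refuses public keys."""
    first = {}
    for key, arg in directives(cfg):
        first.setdefault(key, arg.lower())  # first occurrence wins
    findings = []
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("password auth enabled")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("public key auth disabled")
    return findings

if __name__ == "__main__":
    for h in ("legacy-db", "web1"):
        print(h, "pinned" if client_pinned(CLIENT_CFG, h) else "NOT pinned")
    print(server_findings(SERVER_CFG))
```

A host whose effective value is a comma-separated list such as `2,1` is reported as not pinned, since the client will still accept either protocol version.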

