Bugtraq mailing list archives
Re: SSH Protocol Trick
From: Markus Friedl <markus () openbsd org>
Date: Wed, 24 Jul 2002 23:44:14 +0200
SSH Protocol Weakness Advisory Monday, July 22 2002 - rtm
It's not really a protocol weakness, it's an annoyance caused by
the fact that there are multiple types of hostkeys, see the
discussion at
http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
Ssharp uses clever tricks to attack users by exploiting this
annoyance. However, a MITM attack is always possible if the ssh
client prints:
    The authenticity of host 'jajajaja' can't be established.
The client in the next OpenSSH release will print out all known
keys for a host if a server (or MITM) sends an unknown host key
of a different type.
E.g. if you connect to a host with protocol v2 for the first
time, then the client warns you if you already have a key
for protocol v1, and so on.
That said, I'd like to repeat:
A MITM attack is always possible if the ssh client prints:
    The authenticity of host 'jajajaja' can't be established.
So better verify the key fingerprints.
Moreover, protocol version 2 with public key authentication allows
you to detect MITM attacks.
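
The check described in the message above (listing the keys already known for a host when an unknown host key of a different type is offered), as an added example that is not part of the original post and not OpenSSH's code. The host names, key blobs and function names are constructed for illustration, and only unhashed known_hosts entries are handled.

```python
import base64
import hashlib

# Constructed stand-in for a key blob; not a real host key.
RSA_BLOB = base64.b64encode(b"constructed-rsa-host-key").decode()

# Constructed known_hosts content: one protocol v1 entry, one v2 entry.
SAMPLE = f"""\
server.example,192.0.2.10 1024 35 1234567890123
server.example ssh-rsa {RSA_BLOB}
"""

def parse_known_hosts(text):
    """Return {host: {keytype: material}} for unhashed entries."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if fields[1].isdigit():          # v1 format: hosts bits exponent modulus
            if len(fields) < 4:
                continue
            keytype, material = "rsa1", " ".join(fields[1:4])
        else:                            # v2 format: hosts keytype base64-blob
            keytype, material = fields[1], fields[2]
        for host in fields[0].split(","):
            known.setdefault(host, {})[keytype] = material
    return known

def describe(keytype, material):
    """Fingerprint a v2 blob; for v1 entries report only the key size."""
    if keytype == "rsa1":
        return material.split()[0] + " bits"
    digest = hashlib.sha256(base64.b64decode(material)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_offer(known, host, offered_type, offered_blob):
    """Classify an offered v2 host key and list keys already known for host."""
    keys = known.get(host, {})
    others = sorted((t, describe(t, m)) for t, m in keys.items() if t != offered_type)
    if offered_type in keys:
        return ("match" if keys[offered_type] == offered_blob else "changed"), others
    return ("new-type" if others else "unknown-host"), others

if __name__ == "__main__":
    dsa = base64.b64encode(b"constructed-dsa-host-key").decode()
    print(check_offer(parse_known_hosts(SAMPLE), "server.example", "ssh-dss", dsa))
```

A "new-type" result is the case the message describes: the host is not new, so an "authenticity can't be established" prompt for it deserves a fingerprint check against the keys listed.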
