Steve Bellovin: ssh2 mitm attack?

To: ietf-ssh%netbsd.org@localhost
Subject: Steve Bellovin: ssh2 mitm attack?
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Fri, 26 Jul 2002 15:55:23 -0400

[before anyone panics, this is a variant on the "hijack the connection
and substitute a different host key".

The problem described here is that at least some implementations
effectively maintain separate host key databases per (host key
algorithm, major protocol revision) pair, so that you get the
non-scary "no host key known" user prompt rather than the scary "host
key has changed" when a man-in-the-middle attacker does an
upgrade/downgrade/host key algorithm change.

					- Bill]
				
------- Forwarded Message

X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
From: Steve Bellovin <smb%research.att.com@localhost>
To: sommerfeld%eng.sun.com@localhost
Subject: ssh2 mitm attack?
Cc: jis%mit.edu@localhost
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 25 Jul 2002 07:48:54 -0400
Message-Id: <20020725114855.358CD7B4D%berkshire.research.att.com@localhost>
Content-Length: 363

Bill, have a look at http://www.phrack.org/show.php?p=59&a=11http://www.phrack.org/show.php?p=59&a=11
and in particular at the ssh2-only attack.  Are any changes to the 
drafts necessary?  (I haven't had a chance to read them in light of 
this advisory.)

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)



------- End of Forwarded Message

Follow-Ups:
- Re: Steve Bellovin: ssh2 mitm attack?
  - From: Dave Dykstra

Prev by Date: I-D ACTION:draft-ietf-secsh-gsskeyex-04.txt
Next by Date: Re: Steve Bellovin: ssh2 mitm attack?
Previous by Thread: I-D ACTION:draft-ietf-secsh-gsskeyex-04.txt
Next by Thread: Re: Steve Bellovin: ssh2 mitm attack?
Indexes:

Home | Main Index | Thread Index | Old Index