IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Steve Bellovin: ssh2 mitm attack?



[before anyone panics, this is a variant on the "hijack the connection
and substitute a different host key".

The problem described here is that at least some implementations
effectively maintain separate host key databases per (host key
algorithm, major protocol revision) pair, so that you get the
non-scary "no host key known" user prompt rather than the scary "host
key has changed" when a man-in-the-middle attacker does an
upgrade/downgrade/host key algorithm change.

					- Bill]
				
------- Forwarded Message

X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
From: Steve Bellovin <smb%research.att.com@localhost>
To: sommerfeld%eng.sun.com@localhost
Subject: ssh2 mitm attack?
Cc: jis%mit.edu@localhost
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 25 Jul 2002 07:48:54 -0400
Message-Id: <20020725114855.358CD7B4D%berkshire.research.att.com@localhost>
Content-Length: 363

Bill, have a look at http://www.phrack.org/show.php?p=59&a=11http://www.phrack.org/show.php?p=59&a=11
and in particular at the ssh2-only attack.  Are any changes to the 
drafts necessary?  (I haven't had a chance to read them in light of 
this advisory.)

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)



------- End of Forwarded Message




Home | Main Index | Thread Index | Old Index