Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh))
To: None <tls@rek.tjls.com>
From: Johan A. van Zanten <johan@ewranglers.com>
List: tech-security
Date: 03/14/2002 16:37:56
---In message <20020314211410.GA13302@rek.tjls.com>

>Uh, beg pardon, but there is a man-in-the-middle attack possible on *any*
>protocol that uses public-key authentication, when the key for the other
>end cannot be validated.  This is as true of SSHv2 as it is of SSHv1; it
>could be overcome by using PKI but nobody has done that.
>
>It would be foolish in the extreme to assume that using v2 protects you
>against this _general vulnerability of public-key authentication systems_
>when, in fact, it does not.  If you can't verify the other end's key, you
>are vulnerable to a man-in-the-middle attack, period -- whether you can
>use "dsniff" to exploit that vulnerability or not.

That all types of PK authentication is vulnerable to MITM attacks is a
very good point.

However, when deciding whether or not to make v1 disabled in the NetBSD
default config., should we not take into account that there is a
currently-available tool (dsniff) which can be used against v1 but not v2?

 Of course, a tool may very well soon appear to be used against v2.

 There is also the config keyword "StrictHostKeyChecking" which helps
prevent against these sorts of attacks.  But making this the default is
bound to cause some confusion and trouble for people unfamiliar with
setting up SSH, just as limiting the protocol to v2 will. 

 But i think one issue we are discussing here is risk versus convenience,
so i would advocate consideration of making this a default config setting,
as well.
 
Here is the section of ssh(1) related to it:

     StrictHostKeyChecking
          If this flag is set to ``yes'', ssh will never automat-
          ically  add  host  keys  to  the $HOME/.ssh/known_hosts
          file, and refuses to connect to hosts  whose  host  key
          has  changed.  This provides maximum protection against
          trojan horse attacks, however, can be annoying when the
          /etc/ssh/ssh_known_hosts  file is poorly maintained, or
          connections to new hosts  are  frequently  made.   This
          option  forces  the user to manually add all new hosts.
          If this flag is set to ``no'', ssh  will  automatically
          add  new  host  keys to the user known hosts files.  If
          this flag is set to ``ask'',  new  host  keys  will  be
          added  to the user known host files only after the user
          has confirmed that is what they really want to do,  and
          ssh  will refuse to connect to hosts whose host key has
          changed.  The host keys of known hosts will be verified
          automatically  in  all  cases.   The  argument  must be
          ``yes'', ``no'' or ``ask''.  The default is ``ask''.


 --johan