more SSH MITM
James A. Donald
jamesd at echeque.com
Sat Sep 6 13:36:09 PDT 2003
--
James A. Donald:
> > > > Think about what would happen if you tried a man in the
> > > > middle attack on an SSH server.
Eric Murray:
> By checking the key against the IP address of the server.
> This is easily spoofed. The links I included in my last post
> pointed to a tool to do just that (plus MITM the ssh
> protocol).
Not it is not.
> But even worse, there is no way to ensure that the key the
> client has is really the server's key in the first place. The
> client gets that key the first time it connects....the user
> is shown a fingerprint of the key and asked to type 'yes' if
> the user thinks that it's the server's key.
For this to happen, the attacker must solicit the the victim to
log on to a site he has never logged onto before, or redirect
him to logon to a site he has never logged onto before. In
this situation, the SSH uncertified public keys work far better
than Verisign's certified keys -- for example the spam email
urging us to log on to "e-golb.com" or "e-go1d.com" would fail
if https used ssh style public keys, because the user would get
a "new site" dialog, tipping him off that something was up, and
that he should check what is going on.
Thus under this attack, ssh uncertified keys work far better
than https certified keys.
> What the user is supposed to do here is to have obtained the
> key or its fingerprint in a secure fashion outside the ssh
> protocol. But very few people do. They just type 'yes' and
> accept it. Hence my original statement.
Far safer to do that than to rely on https certified keys, as
lots of people discovered who logged into "e-go1d.com" or
"BankOpAmerica.com"
> This makes a MITM attack easy, the attacker simply needs to
> have his attack in place when the victim expects the server
> to have a new key.
The victim never expects the server to have a new key, and in
the unlikely event he did expect it the out of band mechanism
notifying him of the new key is under the sites control, not
the attackers.
All these attacks that you confidently declare are supposedly
so easy on ssh also work against https, and work a great deal
better.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
yAguzlpuklHQyVv9VSbkoIWDQYXm/25Gqmt7qnEG
4IYMTLFaNCAaKYXvO9t7lJdAG8LlfXr2/TYbrx58W
More information about the Testlist
mailing list