Disabling Password-based auth? (was RE: recent breakins)

Dave Dykstra dwd at bell-labs.com
Tue Jun 5 01:34:42 EST 2001


On Sat, Jun 02, 2001 at 04:26:54PM +0900, Tom Holroyd wrote:
...
> Dykstra's problem can be solved, too.  As he mentioned, a clever trojan
> could still be built -- it wouldn't get the password but it could still
> insert commands into the outgoing channel that would backdoor the user's
> account, or forward the established connection to an active attacker; BUT,
> if the authentication used forwarded SRP, _and_ if the session keys were
> switched to the new shared secret generated as a byproduct of the SRP
> authentication, then the MITM would get zilch.

I can't think of a fundamental reason why that wouldn't work; I would look
at the MITM host at that point like any untrusted network element such as a
router.  However, it seems to me that it would be a rather drastic change
to the SSH implementation and protocol.  You can't simply change the
session key of the existing session because you need be able to revert back
to it when the forwarded session completes.  Or, perhaps the forwarded
session will be run in the background and multiple other forwarded sessions
started in parallel.  I'm not very familiar with the SSH 2 protocol
specification, but as far as I know there's no precedent for keeping more
than one encrypted session going to different servers in the same client.
I don't think it's worth doing -- people just shouldn't connect from lesser
trusted hosts to more trusted hosts.

- Dave Dykstra



More information about the openssh-unix-dev mailing list