AFS and tokenforwarding

Tom Holroyd tomh at
Fri Oct 5 11:24:04 EST 2001

On Thu, 4 Oct 2001, Markus Friedl wrote:

> > A masquerading server can always
> > forward the authentication information to the real server and use that
> > response as a legitimate reply. Thus you may still be passing
> > credentials down to an impostor. Either way you do it, you can always
> > be fooled. A similar problem exists with the common "pass passwords in
> > the clear" methods used by ssh. Hopefully this is fixed in v2 but I
> > never really bothered to check.
> same thing can happen in ssh v2 unless you use pubkey authentication.
> successful pubkey authentication is only possible if there is no MITM.

Oh, also with SRP, a MITM can forward the auth session but he gains
nothing by it; SRP doesn't leak information (not even password length).
(Well, if he does a MITM attack against the initial DH he can get your

More information about the openssh-unix-dev mailing list