Potential SSH2 exploit

Austin Gonyou austin at coremetrics.com
Fri Jan 11 07:00:34 EST 2002


I might have to agree with this thought. It does leave a pretty wide
open hole it seems for now. I only use One key type in my network
end-to-end, but if I were to use 2, it is possible. How could this be
stopped. 

On Thu, 2002-01-10 at 13:40, Dave Dykstra wrote:
> I just noticed (at least on OpenSSH 3.0p1) that even though I have both
> RSA
> and DSA keys available in sshd_config on a server, only a ssh-rsa line
> shows up in known_hosts on the client side, not a ssh-dss line (that
> priority may come from the fact that my RSA key is listed before my DSA
> key
> in sshd_config).  If I comment out the RSA key in sshd_config and
> restart
> the server, then the next time the client connects it warns that a new
> key
> is being added and adds a ssh-dss line to known_hosts.
> 
> Isn't that a potential opening for a man-in-the-middle exploit?
> Somebody
> could take over a DNS name, offer only a DSA key, and forward traffic to
> the real host.  SSH users expect that once they've established the
> identity
> of a host they're safe from man-in-the-middle exploits so they may gloss
> over the warning of an additional key being added.  Maybe the OpenSSH
> ssh
> client should retrieve and store both kinds of host keys if they're
> missing
> from known_hosts and the server has them available.  I don't know if
> that
> would take a protocol change or not but I doubt it because ssh-keyscan
> has
> the ability to scan for both rsa and dsa keys at the same time (and be
> sure
> to scan for both if you do use it!).
> 
> - Dave Dykstra
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020110/60a4245c/attachment.bin 


More information about the openssh-unix-dev mailing list