Potential SSH2 exploit

Markus Friedl markus at openbsd.org
Fri Jan 11 20:08:58 EST 2002


On Thu, Jan 10, 2002 at 01:40:29PM -0600, Dave Dykstra wrote:
> I comment out the RSA key in sshd_config and restart
> the server, then the next time the client connects it warns that a new key
> is being added and adds a ssh-dss line to known_hosts.

Are you sure that ssh just warns and automatically adds the key?

I get this:

% ssh  bla -p1234
The authenticity of host 'bla (10.1.1.1)' can't be established.
DSA key fingerprint is 5a:c9:15:95:a2:4f:0a:42:99:8c:63:92:06:36:b4:8d.
Are you sure you want to continue connecting (yes/no)? ^C
% 

So I don't see a new potential for a MITM attack.
MITM is always possible if ssh says:
	The authenticity of host 'XXXX' can't be established.

(however, ssh could try to list all known keys for this host)



More information about the openssh-unix-dev mailing list
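
The closing suggestion in the message above, that ssh could list all known keys for the host, sketched as an added example (not part of the original message and not OpenSSH code). It assumes the current known_hosts layout with `[host]:port` names and `|1|salt|hmac` hashed entries; all function names and the sample data are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint, the format shown in the prompt above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host, port=22):
    """Match the first known_hosts field: plain name list or |1|salt|hmac form.
    Wildcard and negated patterns are not handled."""
    name = host if port == 22 else "[%s]:%d" % (host, port)
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return name in field.split(",")

def known_keys(text, host, port=22):
    """Return [(key type, MD5 fingerprint)] for every plain host key stored for host."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, legacy SSH1 lines.
        if len(fields) < 3 or fields[0][0] in "#@" or fields[1].isdigit():
            continue
        if host_matches(fields[0], host, port):
            found.append((fields[1], md5_fingerprint(base64.b64decode(fields[2]))))
    return found

# --- constructed sample data: dummy key blobs, not real keys ---
def _blob(keytype, filler):
    t = keytype.encode()
    return struct.pack(">I", len(t)) + t + filler

def _b64(data):
    return base64.b64encode(data).decode()

RSA_BLOB = _blob("ssh-rsa", b"constructed-rsa-material")
DSA_BLOB = _blob("ssh-dss", b"constructed-dsa-material")
_SALT = b"constructed-salt"
_HASHED = "|1|%s|%s" % (_b64(_SALT), _b64(hmac.new(_SALT, b"other", hashlib.sha1).digest()))
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "[bla]:1234,[10.1.1.1]:1234 ssh-rsa " + _b64(RSA_BLOB),
    _HASHED + " ssh-dss " + _b64(DSA_BLOB),
])

if __name__ == "__main__":
    for keytype, fp in known_keys(SAMPLE, "bla", 1234):
        print("already known for bla:1234:", keytype, fp)
```

If this lists an ssh-rsa key for a host that is now prompting with an unknown DSA fingerprint, the prompt deserves out-of-band verification before answering yes.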