Potential SSH2 exploit

Peter W peterw at usa.net
Fri Jan 11 23:14:20 EST 2002


On Fri, Jan 11, 2002 at 10:00:50AM +0100, Markus Friedl wrote:
> On Thu, Jan 10, 2002 at 01:40:29PM -0600, Dave Dykstra wrote:

> > Maybe the OpenSSH ssh
> > client should retrieve and store both kinds of host keys
> 
> not possible.

Well, there *could* be logic like this, right?

  if ( key host presents is new ) {
    /* we don't know this host, or something has changed, e.g.
       maybe they've upgraded from SSH 1.5 to SSH 1.5/2, and now
       we're seeing the SSH 2 key b/c we prefer protocol 2 --
       see how many unknown keys the server offers */
    foreach keytype we support {
       if ( we don't have such a key for this host ) {
           make a bogus/keyscan connection,
           show user the fingerprint,
           ask if the key should be cached
       }
    }
  }

But I fear that's a bad idea. It would use more bandwidth, you'd
be showing the user three diff fingerprints each time, even though
in most cases they'd never, ever connect w/ anything other than
their preferred SSH revision & the server's preferred key, and then
there's the question of DSA keys & random number generators, right?
That if the pseudo-random number generator stinks, performing a
DSA operation can be dangerous, right? If that's true of simply 
scanning for the sshd's DSA key, then IMO it's obvious that trying
to grab all the sshd's keys up front is a bad, bad idea.

Clients should warn about unknown/changed keys (as OpenSSH does) and
users should pay attention to those warnings.

-Peter
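
The per-key-type cache check sketched in the message above, as an added example that is not part of the original post or of OpenSSH. It covers only the comparison step (no keyscan connection is made), reads only plain protocol 2 known_hosts lines, and prints fingerprints in the SHA256 form current OpenSSH uses; the host names, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib

def sample_blob(label):
    # Constructed stand-in for a public key blob; not a real key.
    return base64.b64encode(label.encode()).decode()

# Constructed known_hosts content and constructed server offer.
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "server.example,192.0.2.10 ssh-rsa " + sample_blob("rsa-key-A"),
    "other.example ssh-dss " + sample_blob("dsa-key-Z"),
])
OFFERED = {"ssh-rsa": sample_blob("rsa-key-A"), "ssh-dss": sample_blob("dsa-key-B")}

def fingerprint(blob_b64):
    """SHA256 of the decoded blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def cached_keys(known_hosts_text, host):
    """Return {keytype: blob} from plain (unhashed) entries that name host."""
    found = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blank lines, comments, @markers and hashed (|1|...) entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if host in fields[0].split(","):
            found.setdefault(fields[1], fields[2])
    return found

def classify(known_hosts_text, host, offered):
    """Compare each offered key (keytype -> blob) with the cache.

    'match'   : cached and identical
    'CHANGED' : a different key of this type is cached; warn, do not offer to cache
    'new'     : nothing cached for this type; show the fingerprint and ask the user
    """
    cache = cached_keys(known_hosts_text, host)
    report = {}
    for keytype, blob in offered.items():
        if keytype not in cache:
            state = "new"
        elif cache[keytype] == blob:
            state = "match"
        else:
            state = "CHANGED"
        report[keytype] = (state, fingerprint(blob))
    return report
```

Keeping "CHANGED" separate from "new" matters here: a key type that was never cached can be shown for confirmation, while a mismatch against a cached key of the same type is the case the client should warn about.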



More information about the openssh-unix-dev mailing list