Potential SSH2 exploit
Markus Friedl
markus at openbsd.org
Fri Jan 11 23:24:40 EST 2002
On Fri, Jan 11, 2002 at 07:14:20AM -0500, Peter W wrote:
> On Fri, Jan 11, 2002 at 10:00:50AM +0100, Markus Friedl wrote:
> > On Thu, Jan 10, 2002 at 01:40:29PM -0600, Dave Dykstra wrote:
>
> > > Maybe the OpenSSH ssh
> > > client should retrieve and store both kinds of host keys
> >
> > not possible.
>
> Well, there *could* be logic like this, right?
won't happen.
> if ( key host presents is new ) {
> /* we don't know this host, or something has changed, e.g.
> maybe they've upgraded from SSH 1.5 to SSH 1.5/2, and now
> we're seing the SSH 2 key b/c we prefer protocol 2 --
> see how many unknown keys the server offers */
> foreach keytype we support {
> if ( we don't have such a key for this host ) {
> make a bogus/keyscan connection,
no, you don't want to do all the algorithm
negotiation again.
> show user the fingerprint,
> ask if the key should be cached
> }
> }
> }
i'd rather have
if (key is new) {
print all known keys for this host
ask if key should be accepted.
}
> But I fear that's a bad idea. It would use more bandwidth, you'd
> be showing the user three diff fingerprints each time, even though
> in most cases they'd never, ever connect w/ anything other than
> their preferred SSH revision & the server's preferred key, and then
> there's the question of DSA keys & random number generators, right?
> Clients should warn about unknown/changed keys (as OpenSSH does) and
> users should pay attention to those warnings.
yes, since OpenSSH already warns, i don't see big issue here.
More information about the openssh-unix-dev
mailing list