Name based SSH proxy

Dirk-Willem van Gulik dirkx at webweaving.org
Wed May 27 19:07:22 AEST 2015


> On 26 May 2015, at 23:42, Kasper Dupont <kasperd at kdxdx.23.may.2015.kasperd.net> wrote:
> 
> On 26/05/15 15.50, Daniel Kahn Gillmor wrote:

>> The argument that the DNS lookup leaks this metadata is a bad argument:
>> if we followed this line of reasoning, then every problem that has
>> multiple contributors could never be solved (A says "but my fixing
>> things is useless if B does nothing", while B says "but my fixing things

As a practical suggestion - we ran for a while with a hack where we abuse the version human readable string with a
base64 string of a _salted_ hash of the server we where trying to get to. 

Sharing both salt and hash.

This let the server figure out the right key to present without too much ado; but without leaking all that much*.  The idea was to make it a tiny bit more costly to get a decent selector really early in a connection.

However - as keeping a few 10’s of packets in state is no longer that costly; key init and exchange always start at a packet; And the DH modulus (identical but for its last for bytes) in the DH group exchange (31) and what not follow soon thereafter; it seems all a bit superfluous.

Dw.

*; Except of course - the fairly unqiue Key Kexchange Init and then the very unique Key Exchange Init of the server following in the clear - so one has to be careful with these; or intentionally reuse them. Which is why it fell in disuse soon thereafter.




More information about the openssh-unix-dev mailing list