Name based SSH proxy
Dirk-Willem van Gulik
dirkx at webweaving.org
Wed May 27 22:16:14 AEST 2015
> On 27 May 2015, at 14:11, Kasper Dupont <kasperd at fzcpf.25.may.2015.kasperd.net> wrote:
>
> On 27/05/15 12.41, Dirk-Willem van Gulik wrote:
>> One could argue that putting the host name as plain text in the initial unencrypted exchange is leaking something (ignoring the DNS aspect here).
>>
>> As this a) reveals whom you are talking to and b) may be a good trigger/selector for something pen-register/trap/trace.
>>
>> However a bit later in the exchange we get, in the clear, a somewhat finger printable list of possible cyphers supported (Key Exchange Init) is flashed by the server in the clear. Followed a packet later by the Diffie-Hellman Group Exchange Group; which contains the DH modulus in the clear (from the list of some 200 pre calculated safe primes, ?ssh/moduli'; in groups of 40; that are identical but for the last 4 bytes or so).
>>
>> So I guess that that makes not revealing some identifier as to whom you want to talk a bit of a moot point; as a few packets later it is revealed anyway.
>
> Got it. And not to forget the host public key of the server
> is also being sent in clear during the key exchange.
Agreed. In our actual usecase/reason-to-ditch the SNI plan - it was more a worry about moduli being distributed with the OS (like http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/moduli-gen/ <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/moduli-gen/>) and using that to fingerprint specific releases.
Dw.
More information about the openssh-unix-dev
mailing list