From: Doug Barton
Organization: http://SupersetSolutions.com/
Date: Mon, 25 Jun 2012 19:20:35 -0700
To: Garrett Wollman
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID: <4FE91C73.8040500@FreeBSD.org>
In-Reply-To: <20457.6828.250844.390589@hergotha.csail.mit.edu>
References: <86zk7sxvc3.fsf@ds4.des.no> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org> <20120626024624.4c333bd2@gumby.homeunix.com> <4FE916AA.6050503@FreeBSD.org> <20457.6828.250844.390589@hergotha.csail.mit.edu>
List-Id: "Security issues [members-only posting]" (freebsd-security@freebsd.org)

On 06/25/2012 19:13, Garrett Wollman wrote:
> < said:
>
>> Right. That's what Dag-Erling and I have been saying all along. If you
>> have the private host key you can impersonate the server. That's not a
>> MITM attack. That's impersonating the server.
>
> If you can impersonate an ssh server, you can also do MitM, if the
> client isn't using an authentication mechanism that is securely tied
> to the ephemeral DH key protecting the session. Not clear that this
> makes any difference in practice.

If you're impersonating the server you already have the traffic; whatever
else you can do for *that session* is an implementation detail.

For the zillionth time, my point is that being able to impersonate the
server is not going to get you anywhere for sessions *other* than the ones
that terminate at your fake-but-has-the-private-key host. If anyone
believes otherwise, please post how it can be done, in detail. Otherwise
please let this thread die.

Doug

--
This .signature sanitized for your protection