Date: Mon, 18 Dec 2000 14:59:42 -0500 (EST) From: Mikhail Kruk <meshko@cs.brandeis.edu> To: <cjclark@alum.mit.edu> Cc: Todd Backman <todd@flyingcroc.net>, <freebsd-security@FreeBSD.ORG> Subject: Re: dsniff 2.3 info: Message-ID: <Pine.LNX.4.30.0012181457380.16328-100000@daedalus.cs.brandeis.edu> In-Reply-To: <20001218011320.X96105@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> SSH is already fixed. Earlier in the text, > > SSH simply uses a secret and public key, and since they are > generally not signed, it is trivial for an attacker to sit in the > middle and intercept the connection... If you do have the server's > public key, you will generally receive a warning like "Warning: > server's key has changed. Continue?" Most users will hit Yes. > > No, this is not accurate in my experience. Most clients will not let > you use a server when the key does not match unless you manually > remove the old key from the key list. Most clients at least have BIG > FLASHY MESSAGES telling the user that a changed key means someone > might be doing something Very Naughty, not just a simple, "Warning: > server's key has changed. Continue?" For example, OpenSSH will say, In my experience due to bad administrators who screw up ssh installations those keys change after every OS upgrade and users get used to answering "yes" to this question. When I see this message while connecting to on of our university's system I usually think "they fucked up again", not "wow it's a hacker!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0012181457380.16328-100000>