From owner-freebsd-security  Mon Dec 18 11:59:55 2000
From owner-freebsd-security@FreeBSD.ORG  Mon Dec 18 11:59:54 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from daedalus.cs.brandeis.edu (daedalus.cs.brandeis.edu [129.64.3.179])
	by hub.freebsd.org (Postfix) with ESMTP id E0D0637B400
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Dec 2000 11:59:53 -0800 (PST)
Received: from localhost (meshko@localhost)
	by daedalus.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id OAA16336;
	Mon, 18 Dec 2000 14:59:43 -0500
Date: Mon, 18 Dec 2000 14:59:42 -0500 (EST)
From: Mikhail Kruk <meshko@cs.brandeis.edu>
To: <cjclark@alum.mit.edu>
Cc: Todd Backman <todd@flyingcroc.net>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: dsniff 2.3 info:
In-Reply-To: <20001218011320.X96105@149.211.6.64.reflexcom.com>
Message-ID: <Pine.LNX.4.30.0012181457380.16328-100000@daedalus.cs.brandeis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: meshko@daedalus.cs.brandeis.edu
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> SSH is already fixed. Earlier in the text,
>
>     SSH simply uses a secret and public key, and since they are
>     generally not signed, it is trivial for an attacker to sit in the
>     middle and intercept the connection... If you do have the server's
>     public key, you will generally receive a warning like "Warning:
>     server's key has changed. Continue?" Most users will hit Yes.
>
> No, this is not accurate in my experience. Most clients will not let
> you use a server when the key does not match unless you manually
> remove the old key from the key list. Most clients at least have BIG
> FLASHY MESSAGES telling the user that a changed key means someone
> might be doing something Very Naughty, not just a simple, "Warning:
> server's key has changed. Continue?" For example, OpenSSH will say,

In my experience due to bad administrators who screw up ssh installations
those keys change after every OS upgrade and users get used to answering
"yes" to this question. When I see this message while connecting to on
of our university's system I usually think "they fucked up again", not
"wow it's a hacker!"



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message