Date: Mon, 18 Dec 2000 13:55:00 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Mikhail Kruk <meshko@cs.brandeis.edu> Cc: Todd Backman <todd@flyingcroc.net>, freebsd-security@FreeBSD.ORG Subject: Re: dsniff 2.3 info: Message-ID: <20001218135500.A18762@rfx-64-6-211-149.users.reflexco> In-Reply-To: <Pine.LNX.4.30.0012181457380.16328-100000@daedalus.cs.brandeis.edu>; from meshko@cs.brandeis.edu on Mon, Dec 18, 2000 at 02:59:42PM -0500 References: <20001218011320.X96105@149.211.6.64.reflexcom.com> <Pine.LNX.4.30.0012181457380.16328-100000@daedalus.cs.brandeis.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 18, 2000 at 02:59:42PM -0500, Mikhail Kruk wrote: > > SSH is already fixed. Earlier in the text, > > > > SSH simply uses a secret and public key, and since they are > > generally not signed, it is trivial for an attacker to sit in the > > middle and intercept the connection... If you do have the server's > > public key, you will generally receive a warning like "Warning: > > server's key has changed. Continue?" Most users will hit Yes. > > > > No, this is not accurate in my experience. Most clients will not let > > you use a server when the key does not match unless you manually > > remove the old key from the key list. Most clients at least have BIG > > FLASHY MESSAGES telling the user that a changed key means someone > > might be doing something Very Naughty, not just a simple, "Warning: > > server's key has changed. Continue?" For example, OpenSSH will say, > > In my experience due to bad administrators who screw up ssh installations > those keys change after every OS upgrade and users get used to answering > "yes" to this question. When I see this message while connecting to on > of our university's system I usually think "they fucked up again", not > "wow it's a hacker!" If that is the case, bad administration, the servers themselves are probably easier targets than going through the trouble of hijacking an SSH session. It sounds like you should be not trusting the remote server too much in the first place. Any protocol will be vulnerable to attack via inept administrators or users. I don't think there is any way to fix that other than make things as easy to use and understand as possible. Unfortunately, there are always those for which it is never simple and easy enough. Make anything idiot-proof and some ingenuous idiot will still find a way. It's a corollary to Murphy's. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001218135500.A18762>