From owner-freebsd-security Tue May 1 13:16:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ldc.ro (ldc-gw.pub.ro [192.129.3.227])
    by hub.freebsd.org (Postfix) with SMTP id 7254737B423
    for ; Tue, 1 May 2001 13:16:27 -0700 (PDT)
    (envelope-from razor@ldc.ro)
Received: (qmail 40265 invoked by uid 666); 1 May 2001 20:16:16 -0000
Date: Tue, 1 May 2001 23:16:16 +0300
From: Alex Popa
To: security@FreeBSD.org
Subject: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports
Message-ID: <20010501231616.A40227@ldc.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The reason why this bothers me is that I sometimes use ssh to tunnel
ssh connections (blowfish encryption in a 3DES tunnel, anyone?) to
hosts I cannot otherwise reach (i.e. non-routable address space,
192.168.0.0/16) or to hosts which only accept connections from certain
IPs. I sometimes do not fully trust the hosts I use as relays, so it
would be nice if SSH could show me the key fingerprint and let me
decide if I want to connect, not just accept any key.

Example:

(setting up the support tunnel)
#ssh some.host.example.org -l me -C -L 222:192.168.1.2:22
(connects OK)
(switch VTs)
# ssh 127.0.0.1 -v -C -l root -p 222
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to (null) [127.0.0.1] port 222.
debug: Allocated local port 1015.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version 1.2.27
debug: no match: 1.2.27
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (1152 bits) and host key (1024 bits).
---
debug: Forcing accepting of host key for loopback/localhost.
---
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Remote: Server does not permit empty password login.
debug: Doing password authentication.
root@127.0.0.1's password:

As you can see from the separated line, ssh does not even ask if I
want to accept the key. If I set up a different tunnel, I get no
warning message about the key change.

Is there a way to tell ssh to ask me about that key, and even keep
different keys in my known_hosts file, for example for 127.0.0.1,
127.1, 127.0.1 (which are the same IP, but in different formats so I
can store the keys once, and then leave ssh to check if they are
unchanged)?

[Sorry if I do not make a lot of sense, this has been a long day]

Have Fun!

------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor@ldc.ro|     no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
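
Added example (not part of the original message and not OpenSSH code): the per-endpoint check the message asks for, in Python, where each forwarded port on 127.0.0.1 has its own known_hosts entry and a different key on the same port is reported as changed instead of being accepted. It assumes the one-line "names keytype base64-key" known_hosts format with [host]:port names for non-default ports; the sample keys, the helpers lookup_name and check_host_key, and the alias parameter (modeled on ssh_config's HostKeyAlias option) are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample data: the key blobs are placeholder bytes, not real
# host keys. Non-default ports use the "[host]:port" name form.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""\
# tunnel to 192.168.1.2 through local port 222
[127.0.0.1]:222 ssh-rsa {KEY_A} inner-host
some.host.example.org,192.0.2.10 ssh-rsa {KEY_B} relay
"""

def lookup_name(host, port=22, alias=None):
    """Name to look up in known_hosts; an alias, if given, replaces host and port."""
    if alias:
        return alias
    return host if port == 22 else f"[{host}]:{port}"

def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, as unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts, name, key_type, key_b64):
    """Return (verdict, fingerprint); verdict is MATCH, CHANGED or UNKNOWN.

    Loopback names get no exemption. Comment, marker (@...) and hashed
    (|1|...) lines are skipped; wildcard patterns are not handled.
    """
    verdict = "UNKNOWN"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        names, pinned_type, pinned_key = fields[0].split(","), fields[1], fields[2]
        if name not in names or pinned_type != key_type:
            continue
        if pinned_key == key_b64:
            return "MATCH", fingerprint(key_b64)
        verdict = "CHANGED"  # a key is pinned for this name, but not this one
    return verdict, fingerprint(key_b64)

if __name__ == "__main__":
    tunnel = lookup_name("127.0.0.1", 222)
    for offered in (KEY_A, KEY_B):
        print(tunnel, *check_host_key(KNOWN_HOSTS, tunnel, "ssh-rsa", offered))
```

An UNKNOWN verdict is the point where a client would show the fingerprint and ask before pinning; CHANGED is the case the debug output above passes over silently.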