From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 01:46:31 2012
Date: Tue, 26 Jun 2012 02:46:24 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120626024624.4c333bd2@gumby.homeunix.com>
In-Reply-To: <4FE9094A.4080605@FreeBSD.org>
References: <86zk7sxvc3.fsf@ds4.des.no> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org>
X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3)
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
List-Id: "Security issues [members-only posting]"

On Mon, 25 Jun 2012 17:58:50 -0700
Doug Barton wrote:

> On 06/25/2012 17:53, RW wrote:
> > On Mon, 25 Jun 2012 16:45:24 -0700
> > Doug Barton wrote:
> >
> >> On 06/25/2012 15:53, RW wrote:
> >>> On Mon, 25 Jun 2012 14:59:05 -0700
> >>> Doug Barton wrote:
> >>>
> >>>>>> Having a copy of the host key allows you to do one thing and
> >>>>>> one thing only: impersonate the server. It does not allow you
> >>>>>> to eavesdrop on an already-established connection.
> >>>>>
> >>>>> It enables you to eavesdrop on new connections,
> >>>>
> >>>> Can you describe the mechanism used to do this?
> >>>
> >>> Through a MITM attack if nothing else
> >>
> >> Sorry, I wasn't clear. Please describe, in precise, reproducible
> >> terms, how one would accomplish this. Or, link to known
> >> script-kiddie resources ... whatever. My point being, I'm pretty
> >> confident that what you're asserting isn't true. But if I'm wrong,
> >> I'd like to learn why.
> >
> > Servers don't always require client keys for authentication. If they
> > don't then a MITM attack only needs the server's key.
>
> Once again, please describe *how* the MITM is accomplished. If you
> can't, then please stop posting on this topic.
>
> My point is that the ssh protocol is designed specifically to prevent
> what you're describing.

If you've obtained the server's private key by breaking the public key, you can accept connections from clients just as if you are the real server. If the server doesn't store client keys, then there's nothing to stop you establishing a separate connection with any client-side key and performing a MITM attack.
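The exchange the two posters are arguing about, modelled as an added example that is not part of this thread and is not FreeBSD or OpenSSH code. It is a cut-down SSH-style handshake with toy parameters that are all assumptions of the example (a 127-bit Diffie-Hellman group, textbook RSA over small fixed primes, a hash-XOR stand-in for the session cipher, the credential `hunter2` and the message framing are constructed); what it keeps from the real protocol is that the server signs the exchange hash H with its host key, the client checks that signature against the host key it already trusts, and H is the session identifier that publickey user authentication signs over. It goes one step beyond the message above by also running the case the thread only alludes to, where the server does require a client key:

```python
"""Cut-down model of the SSH transport key exchange plus user authentication.

Toy parameters only (assumed; NOT secure, NOT wire-compatible with SSH):
a 127-bit DH group, textbook RSA over small fixed primes and a hash-XOR
stand-in for the session cipher, so it runs on the standard library alone.
"""
import hashlib
import secrets

# Toy DH group: Mersenne prime 2**127-1 with generator 2 (assumed parameters).
P = (1 << 127) - 1
G = 2

def dh_keypair():
    x = secrets.randbelow(P - 2) + 1          # private exponent
    return x, pow(G, x, P)                     # (private, public)

def make_rsa_key(p, q, e=65537):
    """Textbook RSA from two fixed, toy-sized primes (hypothetical test keys)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # modular inverse, Python 3.8+
    return (n, e), d

def rsa_sign(priv_d, pub, data):
    n, _ = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, priv_d, n)

def rsa_verify(pub, data, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h

def exchange_hash(client_pub, server_pub, shared, hostkey_pub):
    """H: hash over both DH values, the shared secret and the host key."""
    fields = (client_pub, server_pub, shared, hostkey_pub[0])
    return hashlib.sha256("|".join(map(str, fields)).encode()).digest()

def server_side_kex(hostkey_pub, signer_d, client_pub):
    """Whoever holds signer_d plays the server: pick y, derive K, sign H."""
    y, server_pub = dh_keypair()
    shared = pow(client_pub, y, P)
    H = exchange_hash(client_pub, server_pub, shared, hostkey_pub)
    return server_pub, rsa_sign(signer_d, hostkey_pub, H), shared

def client_side_kex(known_hostkey, x, client_pub, server_pub, sig):
    """The client trusts only the host key it already knows; returns (K, H)."""
    shared = pow(server_pub, x, P)
    H = exchange_hash(client_pub, server_pub, shared, known_hostkey)
    if not rsa_verify(known_hostkey, H, sig):
        raise ValueError("host key signature mismatch: refusing connection")
    return shared, H

def session_key(shared):
    return hashlib.sha256(b"key|" + str(shared).encode()).digest()

def seal(key, msg):
    """Toy stand-in for the session cipher: XOR with a hash-derived keystream."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(msg))

def run(client_auth, attacker_has_hostkey):
    """Client -> attacker -> real server. client_auth: 'password' or 'publickey'."""
    host_pub, host_priv = make_rsa_key(1000000007, 998244353)   # server host key
    user_pub, user_priv = make_rsa_key(1000000009, 999999937)   # user's client key
    password = b"hunter2"                                       # constructed credential
    result = {"client_trusts_attacker": False,
              "attacker_knows_client_session_key": False,
              "login_relayed": False}

    # Leg 1: the client connects; the attacker answers in the server's place.
    x, c_pub = dh_keypair()
    signer = host_priv if attacker_has_hostkey else secrets.randbelow(host_pub[0])
    a_pub, sig, k_leg1 = server_side_kex(host_pub, signer, c_pub)
    try:
        k_client, H_client = client_side_kex(host_pub, x, c_pub, a_pub, sig)
    except ValueError:
        return result                   # the client hangs up; the attack is over
    result["client_trusts_attacker"] = True
    result["attacker_knows_client_session_key"] = session_key(k_client) == session_key(k_leg1)

    # Leg 2: a separate, independent session from the attacker to the real server.
    x2, m_pub = dh_keypair()
    s_pub, sig2, _ = server_side_kex(host_pub, host_priv, m_pub)
    k_leg2, H_server = client_side_kex(host_pub, x2, m_pub, s_pub, sig2)

    if client_auth == "password":
        # The password travels inside leg 1, which the attacker can decrypt,
        # and is re-encrypted into leg 2; the real server cannot tell.
        recovered = seal(session_key(k_leg1), seal(session_key(k_client), password))
        at_server = seal(session_key(k_leg2), seal(session_key(k_leg2), recovered))
        result["login_relayed"] = at_server == password
    else:
        # Publickey auth signs the client's own session identifier (RFC 4252).
        # The attacker forwards the signature unchanged, but the real server
        # checks it against the identifier of leg 2, which differs.
        auth_sig = rsa_sign(user_priv, user_pub, H_client + b"|ssh-userauth|user")
        result["login_relayed"] = rsa_verify(user_pub, H_server + b"|ssh-userauth|user", auth_sig)
    return result
```

`run("password", True)` is the case RW describes: the client accepts the attacker's signature, the attacker holds the key for the client-side session and relays the password into its own session with the real server, so it reads everything from then on. `run("password", False)` is the case Doug Barton describes: without the private host key the client refuses in the first round trip. `run("publickey", True)` is the case the thread only hints at: the client still trusts the attacker, but its authentication signature covers the session identifier of leg 1, which does not match leg 2, so the real server rejects the relayed login.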