Date:      Tue, 26 Jun 2012 02:46:24 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <20120626024624.4c333bd2@gumby.homeunix.com>
In-Reply-To: <4FE9094A.4080605@FreeBSD.org>
References:  <CA+QLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA+QLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org>

On Mon, 25 Jun 2012 17:58:50 -0700
Doug Barton wrote:

> On 06/25/2012 17:53, RW wrote:
> > On Mon, 25 Jun 2012 16:45:24 -0700
> > Doug Barton wrote:
> > 
> >> On 06/25/2012 15:53, RW wrote:
> >>> On Mon, 25 Jun 2012 14:59:05 -0700
> >>> Doug Barton wrote:
> >>>
> >>>>>> Having a copy of the host key allows you to do one thing and
> >>>>>> one thing only: impersonate the server.  It does not allow you
> >>>>>> to eavesdrop on an already-established connection.
> >>>>>
> >>>>> It enables you to eavesdrop on new connections,
> >>>>
> >>>> Can you describe the mechanism used to do this? 
> >>>
> >>> Through a MITM attack if nothing else
> >>
> >> Sorry, I wasn't clear. Please describe, in precise, reproducible
> >> terms, how one would accomplish this. Or, link to known
> >> script-kiddie resources ... whatever. My point being, I'm pretty
> >> confident that what you're asserting isn't true. But if I'm wrong,
> >> I'd like to learn why.
> > 
> > Servers don't always require client keys for authentication. If they
> > don't then a MITM attack only needs the server's key.
> 
> Once again, please describe *how* the MITM is accomplished. If you
> can't, then please stop posting on this topic.
> 
> My point is that the ssh protocol is designed specifically to prevent
> what you're describing.

If you've obtained the server's private key by breaking the public
key you can accept connections from clients just as if you are the
real server. If the server doesn't store client keys then there's
nothing to stop you establishing a separate connection with any client
side key and performing a MITM attack.
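The relay RW describes, as an added toy simulation (not code from the thread, from FreeBSD or from OpenSSH). It goes one step beyond the message and also runs the case the thread only alludes to, where the server does require a client key. Assumptions: the group constants P, Q, G and the Schnorr-style signature are stand-ins for the real host-key algorithms; the dict layouts, the `transport`/`mitm`/`demo` names and the sample password are invented for the example. The protocol shape (host key signs the exchange hash H, which becomes the session id; the user key signs the session id) follows RFC 4253 and RFC 4252.

```python
"""Toy model of what a copy of an SSH host key does and does not buy an
attacker.  Example code, not from the thread or from OpenSSH.  The group
(P, Q, G) and the Schnorr-style signature are toy stand-ins for real
host-key algorithms; the protocol shape follows RFC 4253 / RFC 4252."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4   # toy group: Q prime, Q | P-1, G has order Q


def h(*parts):
    """Hash of the concatenated fields, as a big integer."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keygen():
    """Return (private, public) for a DH share or a signing key."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def sign(priv, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = h(r, msg)
    return e, (k - priv * e) % Q


def verify(pub, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pub, e, P) % P   # equals G**k for a genuine signature
    return h(r, msg) == e


def transport(known_host_pub, peer_host_priv):
    """Key exchange as the client sees it (RFC 4253).  The peer signs the
    exchange hash H with whatever host key it holds; the client accepts only
    if that key is the one in known_hosts and the signature verifies.
    H also serves as the session id.  Returns (accepted, H)."""
    cookie_c, cookie_s = secrets.token_hex(16), secrets.token_hex(16)
    x, e = keygen()                  # client ephemeral share
    y, f = keygen()                  # peer ephemeral share
    K = pow(f, x, P)
    peer_pub = pow(G, peer_host_priv, P)
    H = h(cookie_c, cookie_s, peer_pub, e, f, K)
    accepted = (peer_pub == known_host_pub            # known_hosts check
                and verify(peer_pub, H, sign(peer_host_priv, H)))
    return accepted, H


def mitm(method, server, client, attacker_host_priv):
    """Attacker between client and server: presents attacker_host_priv on
    leg 1 (victim -> attacker) and is an ordinary client on leg 2
    (attacker -> real server).  Returns the real server's verdict."""
    ok1, H1 = transport(client["known_host_pub"], attacker_host_priv)
    if not ok1:
        return "client rejected host key"
    ok2, H2 = transport(server["host_pub"], server["host_priv"])
    if not ok2:
        raise RuntimeError("real server failed its own key exchange")
    if method == "password":
        # Victim types the password into leg 1; attacker forwards it on leg 2.
        return "authenticated" if client["password"] == server["password"] else "rejected"
    if method == "publickey":
        # RFC 4252: the client signs its own session id (H1).  The server
        # checks the forwarded signature against leg 2's session id (H2),
        # so it fails unless the attacker also holds the user's private key.
        forwarded = sign(client["user_priv"], H1)
        return "authenticated" if verify(server["authorized_pub"], H2, forwarded) else "rejected"
    raise ValueError(method)


def demo():
    """Run the three scenarios from the thread with constructed keys."""
    host_priv, host_pub = keygen()
    user_priv, user_pub = keygen()
    server = {"host_priv": host_priv, "host_pub": host_pub,
              "authorized_pub": user_pub, "password": "correct horse"}   # constructed
    client = {"known_host_pub": host_pub, "user_priv": user_priv,
              "password": "correct horse"}
    while True:                       # an attacker key that is not the real host key
        attacker_own_priv, _ = keygen()
        if attacker_own_priv != host_priv:
            break
    return {
        "stolen host key, password auth": mitm("password", server, client, host_priv),
        "stolen host key, publickey auth": mitm("publickey", server, client, host_priv),
        "no host key, password auth": mitm("password", server, client, attacker_own_priv),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

With the real host key the attacker passes the client's known_hosts check and simply forwards the typed password; without it the client aborts at the host-key check. When the server insists on publickey user authentication the forwarded signature is over the wrong session id and the relay fails, which is the difference the thread's "servers don't always require client keys" turns on.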



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120626024624.4c333bd2>