Date: Mon, 25 Jun 2012 18:55:54 -0700 From: Doug Barton <dougb@FreeBSD.org> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... Message-ID: <4FE916AA.6050503@FreeBSD.org> In-Reply-To: <20120626024624.4c333bd2@gumby.homeunix.com> References: <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org> <20120626024624.4c333bd2@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/25/2012 18:46, RW wrote: > On Mon, 25 Jun 2012 17:58:50 -0700 > Doug Barton wrote: > >> On 06/25/2012 17:53, RW wrote: >>> On Mon, 25 Jun 2012 16:45:24 -0700 >>> Doug Barton wrote: >>> >>>> On 06/25/2012 15:53, RW wrote: >>>>> On Mon, 25 Jun 2012 14:59:05 -0700 >>>>> Doug Barton wrote: >>>>> >>>>>>>> Having a copy of the host key allows you to do one thing and >>>>>>>> one thing only: impersonate the server. It does not allow you >>>>>>>> to eavesdrop on an already-established connection. >>>>>>> >>>>>>> It enables you to eavesdrop on new connections, >>>>>> >>>>>> Can you describe the mechanism used to do this? >>>>> >>>>> Through a MITM attack if nothing else >>>> >>>> Sorry, I wasn't clear. Please describe, in precise, reproducible >>>> terms, how one would accomplish this. Or, link to known >>>> script-kiddie resources ... whatever. My point being, I'm pretty >>>> confident that what you're asserting isn't true. But if I'm wrong, >>>> I'd like to learn why. >>> >>> Servers don't always require client keys for authentication. If they >>> don't then a MITM attack only needs the server's key. >> >> Once again, please describe *how* the MITM is accomplished. If you >> can't, then please stop posting on this topic. >> >> My point is that the ssh protocol is designed specifically to prevent >> what you're describing. > > If you've obtained the server's private key by breaking the public > key you can accept connections from clients just as if you are are the > real server. Right. That's what Dag-Erling and I have been saying all along. If you have the private host key you can impersonate the server. That's not a MITM attack. That's impersonating the server. > If the server doesn't store client keys then there's > nothing to stop you establishing a separate connection with any client > side key and performing a MITM attack. Last chance ... how, precisely, do you claim to be able to do this? -- This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FE916AA.6050503>