From: "J. Hellenthal"
To: RW
Cc: freebsd-security@freebsd.org
Date: Mon, 25 Jun 2012 23:47:27 -0400
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID: <20120626034727.GA56503@DataIX.net>
In-Reply-To: <20120626035609.0d0f061b@gumby.homeunix.com>

On Tue, Jun 26, 2012 at 03:56:09AM +0100, RW wrote:
> On Mon, 25 Jun 2012 18:55:54 -0700
> Doug Barton wrote:
>
> > >> My point is that the ssh protocol is designed specifically to
> > >> prevent what you're describing.
> > >
> > > If you've obtained the server's private key by breaking the public
> > > key you can accept connections from clients just as if you are
> > > the real server.
> >
> > Right. That's what Dag-Erling and I have been saying all along. If you
> > have the private host key you can impersonate the server. That's not a
> > MITM attack. That's impersonating the server.
>
> If only the server is authenticated, then impersonating the
> server is the only impediment to a MITM attack (aside from
> intercepting the network traffic). If the server has client keys then
> obviously it won't work.
>
> > > If the server doesn't store client keys then there's
> > > nothing to stop you establishing a separate connection with any
> > > client side key and performing a MITM attack.
> >
> > Last chance ... how, precisely, do you claim to be able to do this?
>
> What's to stop you doing it where there's no authentication of clients?
> All the attacker needs to do is establish an ssh connection to the
> server and relay what he's getting from the original client. The
> situation is analogous to performing a MITM attack against a website
> where the ssl keys have been stolen by the attacker.

Client -> FakeSSHD -> RealHOST

If FakeSSHD has RealHOST's ssh_host_*_key's then they are able to
impersonate RealHOST and prompt for a password that no matter whether it
is correct will just silently drop all further traffic and relay to the
RealHOST in which they never realize the difference while the operator
of FakeSSHD now has a password for RealHOST from the user. The user
would not be the wiser to just think there is something wrong in their
environment or the server's environment and will be left clueless.

Still have yet to hear of something like this happening but it's real
enough considering some of the exploits out there.

But this is all way too far beyond what this thread is supposed to be
about and beyond the scope of FreeBSD entirely so let's just let it drop
or pick it up on FD.
-- - (2^(N-1))
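
An added example, not part of the original message or of OpenSSH: a simplified Go model of the Client -> FakeSSHD -> RealHOST relay. It shows why a password survives the relay while a publickey signature, which covers the per-connection session identifier (RFC 4252 section 7), does not. The names `sessionID`, `authBlob` and `Relay`, the account and the message layout are assumptions and not the SSH wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionID stands in for the SSH exchange hash: it covers fresh values from
// both ends of one connection plus the host key (simplified, not wire format).
func sessionID(hostKey ed25519.PublicKey) []byte {
	fresh := make([]byte, 64) // client and server key-exchange contributions
	if _, err := rand.Read(fresh); err != nil {
		panic(err)
	}
	sum := sha256.Sum256(append(fresh, hostKey...))
	return sum[:]
}

// authBlob is the data a client signs for publickey authentication; the
// session ID comes first (RFC 4252 section 7, simplified).
func authBlob(sid []byte, user string, pub ed25519.PublicKey) []byte {
	return bytes.Join([][]byte{sid, []byte("publickey"), []byte(user), pub}, nil)
}

// Relay models Client -> FakeSSHD -> RealHOST and reports what RealHOST accepts.
func Relay() (relayedPassword, relayedSignature, directSignature bool) {
	hostPub, _, _ := ed25519.GenerateKey(rand.Reader) // key pair also held by FakeSSHD
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	const user, stored = "alice", "constructed-password" // constructed account

	sidClientFake := sessionID(hostPub) // Client <-> FakeSSHD key exchange
	sidFakeReal := sessionID(hostPub)   // FakeSSHD <-> RealHOST key exchange

	// Password: the secret itself reaches FakeSSHD, so it is valid on any session.
	typed := "constructed-password"
	relayedPassword = typed == stored
	// Publickey: the client's signature covers sidClientFake only.
	sig := ed25519.Sign(userPriv, authBlob(sidClientFake, user, userPub))
	relayedSignature = ed25519.Verify(userPub, authBlob(sidFakeReal, user, userPub), sig)
	directSignature = ed25519.Verify(userPub, authBlob(sidClientFake, user, userPub), sig)
	return
}

func main() {
	fmt.Println(Relay()) // relayed password, relayed signature, direct signature
}
```
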