From owner-freebsd-questions  Fri Apr  6  3:21:25 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60])
	by hub.freebsd.org (Postfix) with ESMTP id A3A8E37B506
	for <freebsd-questions@freebsd.org>; Fri,  6 Apr 2001 03:21:22 -0700 (PDT)
	(envelope-from Jan.Grant@bristol.ac.uk)
Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV 
          with ESMTP; Fri, 6 Apr 2001 11:21:02 +0100
Received: from cmjg (helo=localhost)	by mail.ilrt.bris.ac.uk 
          with local-esmtp (Exim 3.16 #1)	id 14lTMN-0004j8-00;
          Fri, 06 Apr 2001 11:20:55 +0100
Date: Fri, 6 Apr 2001 11:20:55 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: RE: SSHD Problems...
In-Reply-To: <001701c0be68$fcdb98a0$1401a8c0@tedm.placo.com>
Message-ID: <Pine.GSO.4.31.0104061115110.14755-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 6 Apr 2001, Ted Mittelstaedt wrote:

> Also, I think even the security people will tell you that the practice of
> passing the key during the _first_ initial connection via ssh basically
> destroys the entire integrity of the ssh transaction - key passing is
> supposed to be out-of-band, not in-band.

You're referring to "remote server's key fingerprint is BLAH; accept?"

Of course, all your users will refer to the printout they have of the
signed email the sysadmin sent around giving the ner servers'
fingerprints.

Maybe you can't trust users to do this; but you ought to be able to
trust a sysadmin to preinstall appropriate host keys or make the
fingerprints available through other channels.

It is, of course, true that if you don't understand ssh you can continue
to use it blithely unaware of security problems that may have arisen.
And people _do_ do that :-( - generally, though, MITM attacks against
ssh require some concerted effort. If you consider that such a threat
exists and is relevant in your situation, then you need to weigh it
against the cost of user training* to get them to use the tools
properly.

jan

* And sysadmin training, too.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Generalisation is never appropriate.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message