Date: Fri, 16 Feb 2001 15:49:04 +0100 (CET) From: Jan Conrad <conrad@th.physik.uni-bonn.de> To: Kris Kennaway <kris@obsecurity.org> Cc: <freebsd-security@freebsd.org>, Ralph Schreyer <schreyer@th.physik.uni-bonn.de> Subject: Re: Why does openssh protocol default to 2? Message-ID: <Pine.BSF.4.33.0102161442540.51347-100000@merlin.th.physik.uni-bonn.de> In-Reply-To: <20010215133000.A12807@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 15 Feb 2001, Kris Kennaway wrote: > On Thu, Feb 15, 2001 at 01:18:45PM +0100, Jan Conrad wrote: > > On Thu, 15 Feb 2001, Kris Kennaway wrote: > > > > > On Thu, Feb 15, 2001 at 12:30:20PM +0100, Jan Conrad wrote: > > > > Hello, > > > > > > > > for quite a long time now I cannot understand why people encourage others > > > > for using ssh2 by default and I wanted to ask the readers of this list for > > > > their opinion. > > > > > > SSH1 has fundamental protocol flaws. SSH2 doesn't, that we know of. > > > > I knew that statement... Could you give me a good reference for a > > detailed discussion on that? > > www.core-sdi.com probably has some information - there are recently > discovered flaws and a number of older ones. > > > > I don't understand your complaint. If you don't want to use SSH2 with > > > RSA/DSA keys, don't do that. Use the UNIX password or some other PAM > > > authentication module (OPIE, etc) > > > > Sorry - I did not want to complain... (really :-) > > > > What would you suggest for NFS mounted home dirs as a reasonable solution? > > (To store keys I mean..) > > If you have people sniffing your NFS traffic then you're in trouble > anyway since they can probably spoof things very easily. Consider > what's really your threat model here. OK - that's the point here, precisely! Don't you think in such an environment using SSH1 with RhostsRSAAuthentication would be reasonable (of course only if you *need* to provide users with an rsh like automatic login). Sure - you can be spoofed etc., the SSH connection could be attacked and whatnot but I would consider that to be harmless compared to the possibility to collect keys just by sniffing the net (and most people usually have keys without passphrases..). I mean I just checked some University systems running ssh2 and ssh1 and I found really *lots* of keys in NFS mounted users homes... (sometimes 10% of the users had keys in their homes....) Maybe the conclusion is to put a warning into the manpages or into the default sshd_config saying something like 'be sure to switch xxxAuthentication of if you have NFS mounted homes'... What I would find reasonable is something like an .shosts mechanism for ssh2 or, better, but more complicated, having the keys themselves encrypted by some private key of the machine. Why should a user have access to a plain key? > > If you really don't want people to use DSA authentication (it's not a > security risk unless they use a weak passphrase) then disable it with > the appropriate configuration directive in /etc/ssh/sshd_config. sure > > Kris > Jan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0102161442540.51347-100000>