Hardware potential to duplicate existing host keys... RSA DSA
ECDSA was Add rc.conf variables...
Doug Barton
dougb at FreeBSD.org
Tue Jun 26 01:55:55 UTC 2012
On 06/25/2012 18:46, RW wrote:
> On Mon, 25 Jun 2012 17:58:50 -0700
> Doug Barton wrote:
>
>> On 06/25/2012 17:53, RW wrote:
>>> On Mon, 25 Jun 2012 16:45:24 -0700
>>> Doug Barton wrote:
>>>
>>>> On 06/25/2012 15:53, RW wrote:
>>>>> On Mon, 25 Jun 2012 14:59:05 -0700
>>>>> Doug Barton wrote:
>>>>>
>>>>>>>> Having a copy of the host key allows you to do one thing and
>>>>>>>> one thing only: impersonate the server. It does not allow you
>>>>>>>> to eavesdrop on an already-established connection.
>>>>>>>
>>>>>>> It enables you to eavesdrop on new connections,
>>>>>>
>>>>>> Can you describe the mechanism used to do this?
>>>>>
>>>>> Through a MITM attack if nothing else
>>>>
>>>> Sorry, I wasn't clear. Please describe, in precise, reproducible
>>>> terms, how one would accomplish this. Or, link to known
>>>> script-kiddie resources ... whatever. My point being, I'm pretty
>>>> confident that what you're asserting isn't true. But if I'm wrong,
>>>> I'd like to learn why.
>>>
>>> Servers don't always require client keys for authentication. If they
>>> don't then a MITM attack only needs the server's key.
>>
>> Once again, please describe *how* the MITM is accomplished. If you
>> can't, then please stop posting on this topic.
>>
>> My point is that the ssh protocol is designed specifically to prevent
>> what you're describing.
>
> If you've obtained the server's private key by breaking the public
> key you can accept connections from clients just as if you are are the
> real server.
Right. That's what Dag-Erling and I have been saying all along. If you
have the private host key you can impersonate the server. That's not a
MITM attack. That's impersonating the server.
> If the server doesn't store client keys then there's
> nothing to stop you establishing a separate connection with any client
> side key and performing a MITM attack.
Last chance ... how, precisely, do you claim to be able to do this?
--
This .signature sanitized for your protection
More information about the freebsd-security
mailing list