Hardware potential to duplicate existing host keys... RSA DSA
ECDSA was Add rc.conf variables...
Garrett Wollman
wollman at bimajority.org
Tue Jun 26 02:13:02 UTC 2012
<<On Mon, 25 Jun 2012 18:55:54 -0700, Doug Barton <dougb at freebsd.org> said:
> Right. That's what Dag-Erling and I have been saying all along. If you
> have the private host key you can impersonate the server. That's not a
> MITM attack. That's impersonating the server.
If you can impersonate an ssh server, you can also do MitM, if the
client isn't using an authentication mechanism that is securely tied
to the ephemeral DH key protecting the session. Not clear that this
makes any difference in practice.
-GAWollman
More information about the freebsd-security
mailing list