9fans - fans of the OS Plan 9 from Bell Labs
From: Andrew <afrayedknot@thefrayedknot.armory.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] SSH Version2
Date: Mon,  7 Oct 2002 09:57:46 -0700
Message-ID: <20021007165746.GA4153@thefrayedknot.armory.com>
In-Reply-To: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com>

On Mon, Oct 07, 2002 at 12:21:51PM -0400, Russ Cox wrote:
> > ever heard of ettercap? the ultimate in script kiddie packet sniffing
> > technology? it can break ssh1.
> > http://ettercap.sourceforge.net/

I should have clarified that, yes. But getting someone's username and
password is one of the things I consider breaking a protocol. The whole
point is to keep that from happening, and when it does, the protocol
failed to work and is therefore broken. Granted, this attack only happens
when you have a script kiddie sitting in the right place, but that limits
its usability: you can only try to connect somewhere when you are on a
network you trust (or are ignorant of). The idea behind ssh and all other
tools like it is so you can work on a network you don't entirely trust;
if we always trusted networks we'd use telnet.

On the comment about ssh2, it was made more complicated specifically so
it would be harder to break, and said theory has held true because, as
you said yourself, the ettercap guys haven't figured it out yet. I want it
to be difficult for someone to get my username and password; impossible
is not an option yet, but one can certainly make it more difficult.

>
> that's not true.  it can stand in as a man-in-the-middle
> for an active attack on ssh1.  that's only going to work
> if you've never connected to the host before, or if you
> ignore the man-in-the-middle warnings when the other end's
> host key doesn't work out right.  to do that requires you
> are proxy arping for the victim server, which limits the
> attack even further.
>
> from their readme:
>
> 5.4.4 SSH1 MAN-IN-THE-MIDDLE
>
>  When the connection starts (remember that we are the master-of-packets, all
>  packets go through ettercap) we substitute the server public key with one
>  generated on the fly and save it in a list so we can remember that this
>  server has been poisoned before.
>  Then the client sends the packet containing the session key ciphered with
>  our key, so we are able to decipher it and sniff the real 3DES session key.
>  Now we encrypt the packet with the correct server public key and forward it
>  to the SSH daemon.
>  The connection is established normally, but we have the session key!!
>  Now we can decrypt all the traffic and sit down watching the stream!
>  The connection will remain active even if we exit from ettercap, because
>  ettercap doesn't proxy it (like dsniff). After the exchange of the keys,
>  ettercap is only a spectator... ;)
>
> russ
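
The point Russ makes above, that the key-substitution trick only works on a first contact or when the user overrides the host-key warning, can be shown with a small simulation. This is an added, constructed model (not ettercap or any SSH implementation): the "envelope" stands in for the session key encrypted under whichever host key the client was shown, and `KnownHosts` stands in for the client's known-hosts file.

```python
import hashlib
import secrets


def fingerprint(pubkey: bytes) -> str:
    """Digest standing in for the host-key fingerprint the client records."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KnownHosts:
    """In-memory stand-in for the client's known-hosts file (trust on first use)."""

    def __init__(self):
        self.entries = {}

    def check(self, host: str, pubkey: bytes) -> str:
        """'new' records the key on first contact; 'ok' matches; 'MISMATCH' differs."""
        fp = fingerprint(pubkey)
        if host not in self.entries:
            self.entries[host] = fp
            return "new"
        return "ok" if self.entries[host] == fp else "MISMATCH"


def client_handshake(known, host, presented_key, accept_mismatch=False):
    """Client side: the session key is sealed to the presented host key and is
    only released if the key check passes (or the user overrides the warning)."""
    status = known.check(host, presented_key)
    if status == "MISMATCH" and not accept_mismatch:
        return status, None                      # refuse: nothing leaves the client
    session_key = secrets.token_bytes(24)        # 3DES-sized session key stand-in
    return status, (fingerprint(presented_key), session_key)


def open_envelope(envelope, my_key):
    """Only the holder of the key the envelope was sealed to can read it."""
    if envelope is None or envelope[0] != fingerprint(my_key):
        return None
    return envelope[1]


def run(known, host, real_key, interposer_key, substitute):
    """One connection attempt. If substitute is True the interposer swaps in its
    own key before the client sees it. Returns (check status, key leaked?)."""
    presented = interposer_key if substitute else real_key
    status, env = client_handshake(known, host, presented)
    return status, open_envelope(env, interposer_key) is not None


if __name__ == "__main__":
    kh = KnownHosts()   # constructed keys: opaque byte strings, not real key material
    print(run(kh, "srv", b"real-server-key", b"interposer-key", substitute=True))
```

Run once with a fresh store and a substituted key and the client happily records the wrong fingerprint and the session key is exposed; run it after a clean first contact and the check returns MISMATCH and nothing is released.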

