From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew To: 9fans@cse.psu.edu Subject: Re: [9fans] SSH Version2 Message-ID: <20021008061634.GA29468@thefrayedknot.armory.com> References: <84f3667256e3e5270adb691c365ab243@plan9.bell-labs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <84f3667256e3e5270adb691c365ab243@plan9.bell-labs.com> User-Agent: Mutt/1.4i Date: Mon, 7 Oct 2002 23:16:34 -0700 Topicbox-Message-UUID: 001014da-eacb-11e9-9e20-41e7f4b1d025 well anyways, i think my original point was that there are in fact some problems with ssh1, and consequently ssh2, which ive not denied, but to date, there are fewer known holes, and fewer tools for it. And I think/hope that we can at least agree that neither ssh1/2 in fact bulletproof, which in that case means we are actually arguing the same thing. I often frown at posts of "what foo security problems?" or something to that effect, "what sendmail problems?" a friend mentioned, it just rings to heavily of ignoring a problem and then assuming it just isnt there. It seemed to me, at least at the time, that that was the case. Sure ettercap only can do a MITM attack now, so? it _can_ sniff your password, therefore there is a problem. therefore saying "what protocol 1 problems" in a way that would infer there are no problems with it, is wrong; and thats all i wanted to point out, not that ssh2 somehow miraculously solves the problem once and for all, i never said that. On Tue, Oct 08, 2002 at 01:25:10AM -0400, Russ Cox wrote: > > on the comment about ssh2, it was made more complicated specifically so > > it would be harder to break, and said theory has held true because as > > NO NO NO. It happened to be made more complicated. > Things that are more complicated are not necessarily harder > to break, and often easier to break. Making it more > complicated was very likely not a design goal. > > > you said yourself, the ettercap guys havent figured it out yet. i want it > > Not true. The ettercap guys haven't implemented it yet. > That's not the same as haven't figured it out yet. > The MITM attack remains the same. They haven't implemented SSH2 > support, just like we haven't. This is very VERY different. > > > to be difficult for someone to get my username and password, impossible > > is not an option yet, but one can certainly make it more difficult. > > Impossible _is_ an option (modulo the attacker just happening to guess > the right password or key, which is unavoidable). > > Also, don't use SSH in password mode. Use it with public keys > or with challenge/response. Not as good as PAK, but much better > than sending a password. > > > network you trust (or are ignorant of). the idea behind ssh and all other > > tools like it, is so you can work on a network you dont entirely trust, > > if we always trusted networks we'd use telnet. > > There's a difference between working on a network you don't entirely > trust and working on a network that is a complete unknown to you. > If you're that paranoid, just get the host keys via an out-of-band > mechanism, and you'll never have a problem. > > I mean, come on. What kind of paranoid are you if you ignore messages like: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA1 host key has just been changed. > The fingerprint for the RSA1 key sent by the remote host is > 2e:0e:82:ba:a3:d0:00:9a:ba:6d:87:e3:e0:b6:22:88. > Please contact your system administrator. > Add correct host key in /home/ny3/rsc/.ssh/known_hosts to get rid of this message. > Offending key in /home/ny3/rsc/.ssh/known_hosts:33 > RSA1 host key for labrador.eecs.harvard.edu has changed and you have requested strict checking. > Host key verification failed. > > Russ