Firewall Wizards mailing list archives
RE: ssh holes? Trojans? [long]
From: Ben Nagy <bnagy () sa volante com au>
Date: Wed, 27 Sep 2000 09:11:46 +0930
[me]
Someone call the IETF! ;)
[Magosányi Árpád]
Calm down. It did change the keys on the fly, which means that the user had to enable agent forwarding to use RSA authentication, and the ssh key on the server wasn't the same as the one told by the firewall. As far as I can remember, the proxy even sent debug log to the client about doing the key exchange.
Ah, OK. I covered this under "Hacks that won't work very well". When you replied under the bit about active MitM instead of under "Hacked server that does a key substitution" I thought you were talking about something else.

All a user needs to do to defeat such a proxy is get the remote server's key from somewhere else. Actually, now that I think about it, that won't bypass the proxy, will it? You'd just get a signature error and the session wouldn't establish...

My mistake. Go about your business. Nothing to see here. ;)

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards