Firewall Wizards mailing list archives

RE: ssh holes? Trojans? [long]

From: Ben Nagy <bnagy () sa volante com au>
Date: Wed, 27 Sep 2000 09:11:46 +0930

[me]

Someone call the IETF! ;)

[Magosányi Árpád]

Calm down. It did change the keys on the fly, which means
that the user
had to enable agent forwarding to use RSA authentication, and the
ssh key on the server wasn't the same as the one told by the firewall.
As far I can remember, the proxy even sent debug log to the client
about doing the key exchange.


Ah, OK. I covered this under "Hacks that won't work very well". When you
replied under the bit about active MitM instead of under "Hacked server that
does a key substitution" I thought you were talking about something else.
All a user needs to do to defeat such a proxy is get the remote server's key
from somewhere else. Actually, now that I think about it, that won't bypass
the proxy, will it? You'd just get a signature error and the session
wouldn't establish...

My mistake. Go about your business. Nothing to see here. ;)

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520 

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

RE: ssh holes? Trojans? [long] Ben Nagy (Oct 01)
- <Possible follow-ups>
- Re: ssh holes? Trojans? [long] Jim Seymour (Oct 01)