Firewall Wizards mailing list archives
RE: ssh holes? Trojans? [long]
From: Ben Nagy <bnagy () sa volante com au>
Date: Mon, 25 Sep 2000 09:21:03 +0930
-----Original Message----- From: Magosányi Árpád [mailto:mag () bunuel tii matav hu] Sent: Thursday, 21 September 2000 5:53 PM To: Ben Nagy Cc: 'firewall-wizards () nfr net' Subject: Re: [fw-wiz] ssh holes? Trojans? [long]
[snip]
In summary, though, it's quite hard to do what you want. What you're effectively trying to do is mount an activeman-in-the-middle (MitM) attackagainst the protocol. Sadly, the ephemeral keying in theSSH transport layeris signed Diffie-Hellman, which is resistant to MitM.[good description of the problems] Actually I have seen such an implementation working. It was written by bazsi () balabit hu for a never published firewall product, based on lsh.
OK, you're scaring me. If you've seen a working implementation of a product that can do SSH MitM without a compromised client and allowing cleartext monitoring of the traffic that's a *serious* flaw in the protocol. I don't mean to sound sceptical, but are you_sure_ that's what you're saying? Someone call the IETF! ;) Cheers, -- Ben Nagy Network Consultant, Volante Solutions PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520 _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 20)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 22)
- Re: ssh holes? Trojans? [long] Robert Collins (Sep 22)
- <Possible follow-ups>
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 25)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 26)
- RE: ssh holes? Trojans? [long] sean . kelly (Sep 25)
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 26)