nanog mailing list archives
Re: telnet vs ssh on Core equipment , looking for reasons why ?
From: Greg Maxwell <gmaxwell () martin fl us>
Date: Tue, 31 Jul 2001 11:03:10 -0400 (EDT)
On Tue, 31 Jul 2001 alex () yuriev com wrote:
so that's my main logic, authentication... i can't understand the big paranoia on people sniffing tho!
unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully it's not as easy for the naughty eavesdropper to get into the right position for that....
Pardon for blowing your bubble but sniffing ssh key exchange does not do you any good. The symmetric key is exchanged via a channel already secured. The keys that are used to secure the channel used to exchange the symmetric key are exchanged via a DH-based protocol. If you want to spend your time factoring primes for the next 500 years to extract the key, you are more than welcome to try. It is crypto-101.
If you can arp spoof as indicated in the message you are replying to, you can perform a MTM attack which SSH offers only minimal security against (in the form of stored host keys that users often choose to ignore or not verify the fingerprint). Look to SRP for a MTM-less password authentication solution.
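
An added example, not part of the original thread: the stored host key check mentioned above, written as a strict comparison of the key a server presents against a pinned `known_hosts` entry. The host names, addresses and key bytes are constructed for illustration, and hashed `known_hosts` entries are not handled.

```python
import base64
import hashlib
import struct


def ed25519_blob(public_key: bytes) -> bytes:
    """SSH wire encoding of an ssh-ed25519 public key (length-prefixed strings)."""
    name = b"ssh-ed25519"
    return (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(public_key)) + public_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(known_hosts: str, host: str, presented: bytes) -> str:
    """Return 'match', 'MISMATCH' or 'unknown' for the key a server presented."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip comments, marker lines and malformed entries
        if host not in fields[0].split(","):
            continue
        seen_host = True
        if base64.b64decode(fields[2]) == presented:
            return "match"
    # A pinned host showing a different key is the interposed-party case:
    # refuse the connection. 'unknown' means first contact, where the
    # fingerprint has to be confirmed out of band before it is stored.
    return "MISMATCH" if seen_host else "unknown"


# Constructed sample data: two unrelated key blobs and one pinned entry.
GENUINE = ed25519_blob(bytes(range(32)))
INTERPOSED = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = ("core1.example.net,192.0.2.1 ssh-ed25519 "
               + base64.b64encode(GENUINE).decode() + "\n")

if __name__ == "__main__":
    for host, blob in [("core1.example.net", GENUINE),
                       ("core1.example.net", INTERPOSED),
                       ("core2.example.net", GENUINE)]:
        print(host, fingerprint(blob), check_host(KNOWN_HOSTS, host, blob))
```
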