Firewall Wizards mailing list archives
Re: ssh holes? Trojans? [long]
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Thu, 21 Sep 2000 10:23:07 +0200
Now then, what we would like to do is to set up an ssh 'proxy' inside the DMZ so that whatever is passed to the sshd on the proxy host crosses our monitoring hosts 'in the clear'. Does anyone know of such a beast? Has anyone used it? I only found an unfinished section of C code...Nice problem. If you haven't already, you should look at the IETF secsh working group pages - they have a reasonable description of the SSH protocol, and mention some security issues.[1] In summary, though, it's quite hard to do what you want. What you're effectively trying to do is mount an active man-in-the-middle (MitM) attack against the protocol. Sadly, the ephemeral keying in the SSH transport layer is signed Diffie-Hellman, which is resistant to MitM.
[good description of the problems] Actually I have seen such an implementation working. It was written by bazsi () balabit hu for a never published firewall product, based on lsh. It is expectable that there will be a new incarnation of the thing, either by that lsh-based code, or by a proof-of-concept code I have made by modifying openssh. Actually on the balabit homepage they say that the architecture of Zorp is designed to make an ssh proxy possible. [And there are all the ingredients out on the 'net open source: zorp as the underlying architecture, my openssh hack, and I believe that the lsh code contains the code of Bazsi.] -- GNU GPL: csak tiszta forrásból _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 20)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 22)
- Re: ssh holes? Trojans? [long] Robert Collins (Sep 22)
- <Possible follow-ups>
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 25)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 26)
- RE: ssh holes? Trojans? [long] sean . kelly (Sep 25)
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 26)