Firewall Wizards mailing list archives

Re: ssh holes? Trojans? [long]


From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Thu, 21 Sep 2000 10:23:07 +0200


Now then, what we would like to do is to set up an ssh 'proxy' inside
the DMZ so that whatever is passed to the sshd on the proxy host
crosses our monitoring hosts 'in the clear'.

Does anyone know of such a beast?  Has anyone used it?  I only found an
unfinished section of C code...

Nice problem. If you haven't already, you should look at the IETF secsh
working group pages - they have a reasonable description of the SSH
protocol, and mention some security issues.[1]

In summary, though, it's quite hard to do what you want. What you're
effectively trying to do is mount an active man-in-the-middle (MitM) attack
against the protocol. Sadly, the ephemeral keying in the SSH transport layer
is signed Diffie-Hellman, which is resistant to MitM.

[good description of the problems]

Actually I have seen such an implementation working. It was written by
bazsi () balabit hu for a never-published firewall product, based on lsh.
It is to be expected that there will be a new incarnation of the thing, either
from that lsh-based code, or from proof-of-concept code I have made by
modifying openssh. Actually on the balabit homepage they say that
the architecture of Zorp is designed to make an ssh proxy possible.
[And all the ingredients are out on the 'net as open source: zorp as the
underlying architecture, my openssh hack, and I believe that the lsh code
contains the code of Bazsi.]

-- 
GNU GPL: only from a pure source
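
Added example (not part of the original message, and not the lsh, OpenSSH or Zorp code): a toy signed Diffie-Hellman exchange showing why an inline proxy fails the client's host-key check unless the client is configured to expect the proxy's own key. The DH group, the textbook RSA keys built from fixed primes and the simplified exchange hash are constructed assumptions, not the real SSH wire format.

```python
import hashlib, secrets

P, G, E = 2**521 - 1, 3, 65537  # toy DH group and RSA exponent (constructed)

def rsa_keypair(p, q):
    """Textbook RSA from two fixed primes; illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def exchange_hash(host_pub, e, f, k):
    """Simplified exchange hash: binds host key, both DH values and secret K."""
    data = "|".join(str(v) for v in (*host_pub, e, f, k)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, h):
    n, d = priv
    return pow(h % n, d, n)

def verify(pub, h, sig):
    n, e = pub
    return pow(sig, e, n) == h % n

def server_reply(pub, priv, e):
    """Server side: choose y, return (host key, f = g^y, signature over H)."""
    y = secrets.randbelow(P - 2) + 1
    f, k = pow(G, y, P), pow(e, y, P)
    return pub, f, sign(priv, exchange_hash(pub, e, f, k))

def client_accepts(pinned_pub, x, e, reply):
    """Client side: offered key must be the pinned one and must sign this exchange."""
    pub, f, sig = reply
    h = exchange_hash(pub, e, f, pow(f, x, P))
    return pub == pinned_pub and verify(pub, h, sig)

def scenarios():
    host_pub, host_priv = rsa_keypair(2**61 - 1, 2**89 - 1)      # real sshd (toy key)
    proxy_pub, proxy_priv = rsa_keypair(2**107 - 1, 2**127 - 1)  # proxy's own key
    x = secrets.randbelow(P - 2) + 1
    e = pow(G, x, P)
    direct = server_reply(host_pub, host_priv, e)
    # Proxy runs its own exchange with the server, then relays that signature
    # to the client next to a DH value f it chose itself.
    _, _, real_sig = server_reply(host_pub, host_priv, pow(G, 12345, P))
    relayed = (host_pub, pow(G, 67890, P), real_sig)
    own = server_reply(proxy_pub, proxy_priv, e)  # proxy signs with its own key
    return {"direct": client_accepts(host_pub, x, e, direct),
            "relayed_signature": client_accepts(host_pub, x, e, relayed),
            "proxy_key_unpinned": client_accepts(host_pub, x, e, own),
            "proxy_key_pinned": client_accepts(proxy_pub, x, e, own)}
```

Only the last case passes through the proxy: it behaves as a second SSH endpoint whose host key the client has been told to expect.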
