Firewall Wizards mailing list archives

RE: ssh holes? Trojans? [long]

From: sean.kelly () lanston com
Date: Mon, 25 Sep 2000 14:32:05 -0400

From: Ben Nagy [mailto:bnagy () sa volante com au]

In summary, though, it's quite hard to do what you want. What you're
effectively trying to do is mount an active man-in-the-middle 
(MitM) attack
against the protocol. Sadly, the ephemeral keying in the SSH 
transport layer
is signed Diffie-Hellman, which is resistant to MitM.


This got me thinking.  PGP supports the use of ADKs in its Diffie-Hellman
keys (as the recent ADK bug hoopla would attest), could SSH do the same?
I'm personally not a fan of ADKs but it would enable monitoring of an SSH
session.


Sean

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

RE: ssh holes? Trojans? [long] Ben Nagy (Sep 20)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 22)
- Re: ssh holes? Trojans? [long] Robert Collins (Sep 22)
- <Possible follow-ups>
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 25)
  - Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 26)
- RE: ssh holes? Trojans? [long] sean . kelly (Sep 25)
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 26)