nanog mailing list archives
Re: telnet vs ssh on Core equipment , looking for reasons why ?
From: <alex () yuriev com>
Date: Tue, 31 Jul 2001 11:14:30 -0400 (EDT)
Pardon for blowing your bubble but sniffing ssh keyexchange does not do you any good. The symmetric key is exchanged via a channel aready secured. The keys that is used to secure the channel used to exchange the symmetric key are exchanged via DH-based protocol. If you want to spend your time factoring primes for next 500 years to extract the key, you are more than welcome to try. It is crypto-101.If you can arp spoof as indicated in the message you are replying to, you can perform a MTM attack which SSH offers only minimal security against (in the form of stored host keys that users often choose to ignore or not verify the fingerprint). Look to SRP for a MTM-less password authentication solution.
Monkey in the Middle attack on SSH is very difficult to perform. I'm cc'ing Matt Bishop (bishop () cs ucdavis edu) who together with yours truly wrote a paper on this in 1997. Cheers, ALex
Current thread:
- Re: Hard data on network impact of the "Code Red" worm?, (continued)
- Re: Hard data on network impact of the "Code Red" worm? up (Jul 31)
- Re: Hard data on network impact of the "Code Red" worm? Vijay Gill (Jul 30)
- RE: Hard data on network impact of the "Code Red" worm? Roeland Meyer (Jul 31)
- telnet vs ssh on Core equipment , looking for reasons why ? Mr. James W. Laferriere (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Greg Maxwell (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Greg Maxwell (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? alex (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Scott Francis (Jul 31)
- telnet vs ssh on Core equipment , looking for reasons why ? Mr. James W. Laferriere (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? fingers (Jul 31)
- RE: telnet vs ssh on Core equipment , looking for reasons why ? Deepak Jain (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Ariel Biener (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Stephen J. Wilcox (Jul 31)
- Re: telnet vs ssh on Core equipment , looking for reasons why ? Ariel Biener (Jul 31)