OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports
From: Alex Popa (razor@ldc.ro)
Date: 05/01/01
- Next message: Mipam: "Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports"
- Previous message: $B0qLZ!!: "(no subject)"
- Next in thread: Mipam: "Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports"
- Reply: Mipam: "Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports"
- Reply: Robert Watson: "Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports"
- Maybe reply: Hank Leininger: "Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 May 2001 23:16:16 +0300
From: Alex Popa <razor@ldc.ro>
To: security@FreeBSD.org
The reason why this bothers me is that I sometimes use ssh to tunnel ssh
connections (blowfish encryption in a 3DES tunnel, anyone?) to hosts I
cannot otherwise reach (i.e. non-routable address space, 192.168.0.0/16)
or to hosts which only accept connections from certain IPs.
I do not sometimes fully trust the hosts I use as relays, so it would be
nice if SSH could show me the key fingerprint and let me decide if I
want to connect, not just accept any key.
Example:
(setting up the support tunnel)
#ssh some.host.example.org -l me -C -L 222:192.168.1.2:22
(connects OK)
(switch VT's)
# ssh 127.0.0.1 -v -C -l root -p 222
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to (null) [127.0.0.1] port 222.
debug: Allocated local port 1015.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version 1.2.27
debug: no match: 1.2.27
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (1152 bits) and host key (1024 bits).
--- debug: Forcing accepting of host key for loopback/localhost. ---
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Remote: Server does not permit empty password login.
debug: Doing password authentication.
root@127.0.0.1's password:

As you can see from the separated line, ssh does not even ask if I want to
accept the key. If I set up a different tunnel, I get no warning message
about the key change. Is there a way to tell ssh to ask me about that key,
and even keep different keys in my known_hosts file, for example for
127.0.0.1, 127.1, 127.0.1 (which are the same IP, but in different formats,
so I can store the keys once, and then leave ssh to check if they are
unchanged)?

[Sorry if I do not make a lot of sense, this has been a long day]

Have Fun!

------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor@ldc.ro| no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
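The post asks how to make ssh verify the tunnelled host's key rather than waive the check because the connection goes to 127.0.0.1. As an added example (not code from the original post or from OpenSSH), the shell functions below build an ssh_config stanza that stores and checks the key under a HostKeyAlias, and check how many keys known_hosts holds for that alias; the alias `inner-db`, port 222, user and file paths are constructed, and the HostKeyAlias, UserKnownHostsFile and StrictHostKeyChecking options are assumed to be available in the client's ssh_config(5).

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenSSH.
# Goal: reach a host through "ssh -L 222:192.168.1.2:22 relay" and have
# ssh verify the tunnelled host's key instead of waiving the check
# because the connection goes to 127.0.0.1.
# Assumes the client's ssh_config(5) supports HostKeyAlias,
# UserKnownHostsFile and StrictHostKeyChecking. Alias, port and file
# names are constructed for illustration.

# Emit an ssh_config stanza: HostKeyAlias stores and looks up the key
# under the alias (not under 127.0.0.1), and StrictHostKeyChecking=yes
# refuses unknown or changed keys instead of silently accepting them.
tunnel_stanza() {
    hkalias="$1" port="$2" user="$3" khfile="$4"
    printf 'Host %s\n' "$hkalias"
    printf '    HostName 127.0.0.1\n'
    printf '    Port %s\n' "$port"
    printf '    User %s\n' "$user"
    printf '    HostKeyAlias %s\n' "$hkalias"
    printf '    UserKnownHostsFile %s\n' "$khfile"
    printf '    StrictHostKeyChecking yes\n'
}

# Count known_hosts entries whose host field (possibly "a,b,c") names
# the alias. Plain-text entries only; hashed entries (HashKnownHosts)
# cannot be matched this way. Returns 0 for exactly one pinned key,
# 1 for none (ssh would refuse to connect), 2 for several.
pinned_key_count() {
    hkalias="$1" khfile="$2"
    n=$(awk -v a="$hkalias" '/^[[:space:]]*#/ { next }
        { k = split($1, h, ","); for (i = 1; i <= k; i++) if (h[i] == a) c++ }
        END { print c + 0 }' "$khfile")
    case "$n" in
        0) return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Demo with a constructed known_hosts file (the key string is a placeholder).
demo_khfile=$(mktemp)
printf 'inner-db,127.0.0.1 ssh-rsa AAAA-CONSTRUCTED-PLACEHOLDER-KEY\n' > "$demo_khfile"
tunnel_stanza inner-db 222 root "$demo_khfile"
if pinned_key_count inner-db "$demo_khfile"; then
    echo "inner-db: one key pinned, ssh will verify it"
fi
rm -f "$demo_khfile"
```

A separate alias per tunnelled host keeps each host's key distinct in known_hosts even though every tunnel is reached via 127.0.0.1.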