Compromised host keys
From: Jim Cheetham (jim.cheetham_at_ecosm.com)
Date: 11/04/03
- Previous message: Darren Tucker: "Re: Error getting priviledged environment"
- Next in thread: Conor Daly: "Re: Compromised host keys"
- Reply: Conor Daly: "Re: Compromised host keys"
- Maybe reply: Michael Young: "RE: Compromised host keys"
To: secureshell@securityfocus.com
Date: Wed, 05 Nov 2003 08:46:22 +1300

I have a set of machines at a hosting provider (I won't name them at
this stage), and have just noticed that the host keys on all my machines
are identical (actually, the whole ssh config directory is identical).

I am presuming that this is a 'feature' of their build environment, and
I have to assume that other customers of theirs with the same
OS/version, also have the same keys.

With a copy of the host key I guess it's possible for an attacker to
masquerade as my server, and run a man-in-the-middle attack. Presumably
they'd also need to compromise DNS (if I'm reaching my server by name)
or routers on the path (to divert the IP stream).

What other attacks could be made by someone who has a copy of my server
host keys?

-jim
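
One way to check a fleet for the shared host keys described in the message above, as an added example that is not part of the original post: it groups `ssh-keyscan` / known_hosts style lines by OpenSSH SHA256 fingerprint and reports any key served by more than one host. The host names and key blobs are constructed sample data, and the function names are this example's own.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, for keys that appear on more than one host.

    Input lines look like "host[,alias...] keytype base64-blob".
    """
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blanks, comments, @cert-authority / @revoked markers
        host = fields[0].split(",")[0]  # aliases of one host are not duplicates
        try:
            fp = fingerprint(fields[2])
        except ValueError:
            continue  # blob is not valid base64: skip rather than mis-group
        hosts_by_key[(fields[1], fp)].add(host)
    return {fp: sorted(h) for (_, fp), h in hosts_by_key.items() if len(h) > 1}


def _constructed_key(seed: bytes) -> str:
    """Build a well-formed ssh-ed25519 public key blob from a seed (sample data only)."""
    kt = b"ssh-ed25519"
    body = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32)
    return base64.b64encode(body + hashlib.sha256(seed).digest()).decode()


IMAGE_KEY = _constructed_key(b"key baked into the build image")
SAMPLE_SCAN = "\n".join([
    "# constructed sample, not real scan output",
    f"web1.example.net ssh-ed25519 {IMAGE_KEY}",
    f"web2.example.net,192.0.2.12 ssh-ed25519 {IMAGE_KEY}",
    f"db1.example.net ssh-ed25519 {IMAGE_KEY}",
    f"mail.example.net ssh-ed25519 {_constructed_key(b'regenerated on first boot')}",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, ", ".join(hosts))
```

Any host that appears in the result needs its host keys regenerated and the new fingerprints redistributed to clients.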