Re: known_hosts vulnerability?

From: Damien Miller (djm_at_mindrot.org)
Date: 05/19/05

    Date: Thu, 19 May 2005 08:02:47 +1000
    To: "Gabriel M. Elder" <eldergabriel@charter.net>

    Gabriel M. Elder wrote:
    > Hey all,
    >
    > I came across a security news article, referenced by
    > http://www.linux.org/news, at
    >
    > http://www.techworld.com/security/news/index.cfm?NewsID=3668
    >
    > talking about an SSH weakness involving the known_hosts file. I
    > apologize if this issue has already been addressed, but the mailing list
    > archives didn't turn up anything when I tried searching for something
    > relevant. So, not to knee-jerk or anything, but is anyone currently
    > looking into this? Does this need to be addressed, or has it already
    > been taken care of? Offhand, on a scale of 0 - 11, this would seem to
    > rate kinda high, ~7. Am I off-base?

    It is a problem mainly for large educational facilities and labs, where
    users use weak authenticators (same passwords, password-less public
    keys, etc) on multiple hosts. In these cases, an attacker (or their
    worm) could use the known_hosts file as a hit-list of other hosts to
    try.

    I think some of the publicity is a little overblown because the same
    information is available from many other sources: shell histories,
    netstat or ps output, etc. Furthermore, if an account is already
    compromised, then there are far more effective ways for a worm to gain
    access to other accounts (e.g. fudge $PATH to contain a trojan ssh that
    steals account/password/host information directly).

    Anyway, we implemented the HashKnownHosts option (see "man ssh") to address
    this. Admins should be aware that this doesn't make the problem go away,
    but it does make the attack harder (hopefully too hard for a worm).

    > From the article: "a known_hosts hashing scheme proposed by MIT has been
    > implemented in OpenSSH 4.0 and in a patch for earlier versions of SSH".
    > Looking at my own ~/.ssh/known_hosts file, the entries appear to be
    > encrypted, by default; I assume this is a Good Thing. Installed ssh
    > package = openssh-server-3.9p1-8.0.1. Shall I now resume my warm fuzzies
    > and assume all is snug and secure in openssh-land?

    No - unless your admins have modified 3.9p1 for you, your file probably
    looks like:

    hostname ssh-rsa AAAAAPO7JD765SPF2OJ337FSAPSO...

    This change is about hashing "hostname" so no one can tell what hosts you
    have visited.

    -d
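As an added illustration of the HashKnownHosts format Damien describes (example code written for this page, not part of his mail or of OpenSSH), the following Python reproduces how a hashed known_hosts hostname field is built and matched, and audits a file for hostnames still stored in the clear. The function names and the sample known_hosts text are my own; the key blob in the sample is a placeholder.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on a hashed hostname field

def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Hashed form used by HashKnownHosts: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    if salt is None:
        salt = os.urandom(20)  # OpenSSH draws a fresh 20-byte random salt for every entry
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()

def hostname_matches(host_field: str, candidate: str) -> bool:
    """Client-side lookup: does this hostname field (plain or hashed) match the candidate name?"""
    if not host_field.startswith(HASH_MAGIC):
        return candidate in host_field.split(",")  # plain fields may list several names
    # A hashed field can only be matched by re-hashing a name you already have, which is
    # why hashing hides the hit-list but does not stop anyone testing guessed names.
    _, _, salt_b64, hash_b64 = host_field.split("|")
    salt = base64.b64decode(salt_b64)
    digest = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(digest, base64.b64decode(hash_b64))

def unhashed_hosts(known_hosts_text: str) -> List[str]:
    """Audit helper: hostname fields still stored in the clear (empty once every entry is hashed)."""
    clear = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # skip a leading marker such as @cert-authority
            fields = fields[1:]
        if not fields[0].startswith(HASH_MAGIC):
            clear.append(fields[0])
    return clear

# Constructed sample file: one plain 3.9p1-style entry and one hashed entry; the key blob is a placeholder.
FAKE_KEY = "ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER_KEY_BLOB"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "lab-server.example.edu,10.0.0.5 " + FAKE_KEY,
    hash_hostname("login.example.edu", salt=b"\x01" * 20) + " " + FAKE_KEY,
])

if __name__ == "__main__":
    print("hostnames readable in the clear:", unhashed_hosts(SAMPLE_KNOWN_HOSTS))
```

Running `unhashed_hosts` over a real ~/.ssh/known_hosts is a quick way to check whether a pre-4.0 client has left plain hostnames behind; `ssh-keygen -H` rewrites such a file with hashed entries.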

