Re: Need some education: Man-in-the-Middle Attacks

From: Eygene Ryabinkin <rea-sec@xxxxxxxxxxx>
Date: Fri, 1 Sep 2006 08:53:43 +0400

Steve,

On the first connection, it doesn't help and SSH is vulnerable to the
MITM attack. The link above mentions this, but doesn't really draw
your attention to it. ;-)

It is the holy truth. That is the reason for distributing the public
keys of servers to the clients via some off-line methods.

<slight offtopic>
and that is the problem that was tried to be solved by X.509
certificates: the trusted entity (CA) signs the public key and it
is up to the client to verify the signature. Surely this just
offloads the problem to the CA public key distribution to clients.
But it is easier to propagate one CA public key than all public
keys signed by that CA. But this scheme is not much applicable
to SSH.
</slight offtopic>

However, SSH stores the host key in the "known_hosts" file so it
doesn't need to ask for it on subsequent connection attempts. The SSH
protocol has a mechanism whereby the client sends something (its
"challenge") encrypted with the public key for that server. The
server decrypts it and sends an appropriate "response" back to the
client. This lets the client know for certain that the server is the
same one as recorded in known_hosts. The MITM can't decrypt the
challenge so it doesn't know how to respond.

I've simplified this quite a bit, but I hope this is enough to answer
your question without getting too confusing. ;-)

Please, read the RFC 4253 and do not oversimplify the things: there is
no challenges in establishing the initial shared secret in SSH transport
layer.
--
Eygene

Follow-Ups:
- Re: Need some education: Man-in-the-Middle Attacks
  - From: Nathan Jackson-Eeles

Prev by Date: Re: Need some education: Man-in-the-Middle Attacks
Next by Date: Re: Need some education: Man-in-the-Middle Attacks
Previous by thread: RE: Need some education: Man-in-the-Middle Attacks
Next by thread: Re: Need some education: Man-in-the-Middle Attacks
Index(es):
- Date
- Thread

Relevant Pages

Re: Explanation of SSH
... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
(comp.security.ssh)
[NT] Dark Age of Camelot Man-In-The-Middle
... use of RSA public key cryptography and an RC4 based symmetric algorithm. ... Seeing the imminent release of code for cracking the game client (which ... At the beginning of each TCP session, the server sends a 1536 bit RSA ... void bytes_out(unsigned char *data, int len) ...
(Securiteam)
Re: Debian SSH server configuration
... I would like to configure a Debian server to only allow clients to ssh ... I don't want any client computers to be able to ssh into ... It sounds like what you are asking for is host based authentication, ... where the server check to make sure that it has the host public key ...
(Debian-User)
Re: Basics of key authentication
... The public key gets copied to the server, ... and the client decrypts it with its private key to prove he is who he ... and the digital signature to the server. ...
(comp.security.ssh)
CPU hog - sockets
... I have a Windows services which acts as a client to a Java ... server, ... service) receives the public key, generates a session key(3DES-192 bit I ...
(microsoft.public.win32.programmer.kernel)