Re: SSH Fingerprint Validation and Authentication
From: Per Hedeland (per@hedeland.org)
Date: 04/17/03
From: per@hedeland.org (Per Hedeland) Date: Thu, 17 Apr 2003 21:52:57 +0000 (UTC)
In article <20030416015657.19627.qmail@gacracker.org> saifa
<saifa@redneck.gacracker.org> writes:
>
>Let's say that a user connects to my machine for the first time using
>SSH, and is presented with:
>
> [user@host user]# ssh host.domain.org
> The authenticity of host 'host.domain.org (hhh.xxx.yyy.zzz)' can't be established.
> RSA key fingerprint is 5b:37:cf:68:84:57:6f:1c:27:0e:2a:ef:fd:52:10:49.
> Are you sure you want to continue connecting (yes/no)?
>
>I understand that the error received if a key has *changed* will alert
>the user to a possible compromise, but how does this initial warning
>help? If the user contacts me and asks "what is your SSH RSA
>fingerprint?," how does this help the user determine that the machine
>hasn't been compromised?

Surely you don't think that SSH can help you figure out if a host has
been compromised? And of course that is not the purpose of the server
authentication, it is to defend against a man-in-the-middle attack.

I.e. if the user contacts you and asks for the fingerprint, and what you
say agrees with what his client has printed, he can conclude that there
is no man-in-the-middle, and not only continue with the session but also
approve that his client saves the public key for future connections (so
as to not have to call you on the phone every time:-).

Likewise, the more severe warning/error you get when there is a mismatch
with the previously saved key is due to this indicating that there may
*be* a man-in-the-middle. In practice, the most common *actual* cause is
that an ignorant admin has changed the remote host key (and this is most
unfortunate) - but that is not what it is *intended* to detect (and I
don't know why anyone compromising the host would go and change the host
key...).

--Per Hedeland
per@hedeland.org
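
Added example, not part of the original message: the comparison described above, done in code. It computes the fingerprint of a host public key line in OpenSSH `<type> <base64> [comment]` form and checks it against a fingerprint obtained out of band; it goes beyond the MD5 colon-hex format in the quoted prompt by also accepting the SHA256 format current OpenSSH prints. The sample key is constructed filler and all function names are assumptions of this example.

```python
import base64, binascii, hashlib, hmac, struct

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: bytes laid out like an ssh-rsa public key blob (filler, not a real key).
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(1, 129))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " host.domain.org"

def key_blob(pubkey_line):
    """Decode the key blob from an OpenSSH public key line: '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    # The blob begins with a length-prefixed key type; it must agree with the text field.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != fields[0].encode():
        raise ValueError("key type field does not match key blob")
    return blob

def md5_fingerprint(blob):
    """Colon-separated hex MD5 of the blob, the format in the prompt quoted above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob):
    """Unpadded base64 SHA-256 of the blob, the format current OpenSSH prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def verify_host_key(pubkey_line, trusted_fingerprint):
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    blob = key_blob(pubkey_line)
    claimed = trusted_fingerprint.strip()
    if claimed.startswith("SHA256:"):
        actual = sha256_fingerprint(blob)
    else:
        claimed = claimed.lower()
        claimed = claimed[4:] if claimed.startswith("md5:") else claimed
        actual = md5_fingerprint(blob)
    return hmac.compare_digest(actual.encode(), claimed.encode())

if __name__ == "__main__":
    by_phone = md5_fingerprint(SAMPLE_BLOB)   # stands in for what the admin reads out
    print(by_phone, verify_host_key(SAMPLE_LINE, by_phone))
```
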