Excellent question, I'd like to see the answer to this one too!
From www.ssh.fi:
"Secure Shell is the secure login program that has changed remote management
of networks hosts over the Internet. It is a powerful, yet easy-to-use
application that uses strong cryptography for protecting all transmitted
confidential data, including passwords, binary files, and administrative
commands."
From CERT:
"97-04-30 - SSH Security Flaws
Serious vulnerabilities have been identified in the SSH protocol (version
1.5) and its implementation in the SSH server versions 1.2.17 and earlier.
This vulnerability has been addressed in the 1.2.20 beta
<ftp://ftp.cs.hut.fi/pub/ssh/ssh-1.2.20.tar.gz> and the commercial 1.3
release, expected within a couple of weeks."
From ww.rootshell.com:
11/5/98 - SSH 1.2.26 contains a buffer overflow in its client kerberos code.
9/7/97 - Any normal user can redirect privileged ports using secure shell
daemon.
8/9/97 - Using SSH, a non-root user can open privileged ports and redirect
them.
Strong cryptography would imply that hijacking would not work. However, if
public key cryptography is used with PKI it might be possible for a
man-in-the-middle attack to succeed. These exploits do not involve
hijacking sessions.
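The question running through this thread is whether an interceptor who swaps keys during the exchange can defeat SSH, and the answer turns on host authentication: the key exchange by itself cannot tell the client who it is talking to, so the client must verify the server's long-term host key (SSH clients pin it in known_hosts and refuse a changed key). The following is an added toy model, not code from this thread or from any SSH implementation; the DH group, the RSA primes and all key values are constructed and far too small to be secure, and the textbook RSA signature stands in for the real host-key signature.

```python
import hashlib

# Constructed toy Diffie-Hellman group: a 31-bit prime and a small base (insecure by design).
P, G = 2_147_483_647, 5

def dh_public(priv):
    return pow(G, priv, P)

def dh_shared(their_pub, priv):
    return pow(their_pub, priv, P)

class HostKey:
    """Textbook RSA over constructed small primes; stands in for the server's long-term host key."""
    def __init__(self, p, q, e=65537):
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))

    def fingerprint(self):
        return hashlib.sha256(f"{self.n}:{self.e}".encode()).hexdigest()[:16]

    def _digest(self, data):
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % self.n

    def sign(self, data):
        return pow(self._digest(data), self.d, self.n)

    def verify(self, data, sig):
        return pow(sig, self.e, self.n) == self._digest(data)

def server_reply(host_key, server_priv, client_pub):
    """Server side: its DH value plus a host-key signature binding both DH values together."""
    server_pub = dh_public(server_priv)
    sig = host_key.sign(f"{client_pub}:{server_pub}".encode())
    return server_pub, host_key, sig

def client_connect(known_hosts, host, client_priv, reply):
    """Client side: pin the host key on first use, refuse any later change, then check the signature."""
    server_pub, host_key, sig = reply
    fp = host_key.fingerprint()
    pinned = known_hosts.get(host)
    if pinned is None:
        known_hosts[host] = fp          # first contact: the only moment an interceptor could win
    elif pinned != fp:
        raise ValueError(f"HOST KEY MISMATCH for {host}: possible interception")
    if not host_key.verify(f"{dh_public(client_priv)}:{server_pub}".encode(), sig):
        raise ValueError("host key signature does not cover this exchange")
    return dh_shared(server_pub, client_priv)
```

Remove the known_hosts comparison and the client completes the exchange with whichever key it is handed, which is exactly the substitution the quoted message describes; with it, a changed key aborts the session before any data is sent.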
> -----Original Message-----
> From: Ben Nagy [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 14, 1999 1:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Securing analog phone lines (!)
>
> I know this is only hazily part of the focus of the list, but the comment
> about intercepting SSH communications over an insecure wire interested me.
> I guess we have a fair few posts that touch on delivering secure services
> through firewalls, so maybe it's relevant.
>
> Cryptography is not one of my strong areas, but I thought SSH was designed
> to avoid hijacking and man-in-the-middle attacks? I don't know exactly how
> it works, but something like pre-shared RSA keys or certificates could be
> used to authenticate hosts in a manner that a hacker sitting on the wire
> wouldn't be able to impersonate because the secret segment is never
> transmitted...right? Even Diffie-Hellman or something should be proof
> against a middleman...
>
> Is there a cryptographer in the house? 8)
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
>
>
> Well, and this may go beyond the scope of this list, but ...
> Securing analog lines (or any line for that matter) is hard because the
> telco in most places isn't secure. It would be really easy for a person
> to access the junction box (anywhere between you and the Central Office
> of the telco), cut the phone wire, add in a line simulator (so that
> your side gets dialtone, line voltage etc), add a computer with a
> couple modems, one going to you, via the line simulator, one going
> to the telco, and effectively sniff the traffic. The software to
> control this would be fairly easy, and could most likely be written
> by anyone that took a first year programming class (even a HS
> class).
>
> Anyway, the only real way to prevent something like this is to have
> encryption on this link, and then you couldn't do something like the
> way SSH works because the person could intercept the key exchange,
> and exchange their key with you, and their key with the system you
> were trying to connect to, thus giving them cleartext.
>
> But this type of attack is rare, and typically only done by people
> that you wouldn't detect anyway, or by people who are going after
> very specific information, and not just random stuff (which appears to be
> a lot more common, the random stuff that is).
>
> Anyway, I am rambling again so ... :)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]