> All,
>
> Please pardon my naivete.
>
> I was looking at the diagram on the URL
> listed below and contemplating how host
> fingerprinting prevents MITM attacks.
>
> http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
>
> So my question is this... Given the
> illustration in the URL above, what
> prevents Eve from *first* contacting Alice
> to obtain a fingerprint which then gets
> passed to Bob on the first connection
> attempt?

The host key fingerprint isn't actually passed between server and client. Instead, the server provides the entire public portion of the host key and the client generates the fingerprint using a hashing algorithm.

The first time Bob (a client) attempts to connect to Alice (a server), Bob is responsible for validating the public portion of the host key. Typically Bob would compare the generated fingerprint to a fingerprint requested of Alice by some other means (e.g., phone conversation, secure web site, etc.).

During the initial setup of the SSH connection, the server is required to use its private portion of the host key to generate a signature. This signature is verified by the client using the public portion of the host key. Therefore, even if Eve (MITM/WITM) has the public portion of Alice's host key, Eve cannot successfully pretend to be Alice since Eve does not possess the private portion of Alice's host key which is required to generate a valid signature.

Additionally, if Eve attempts to fool Bob by presenting a different host key, the fingerprint Bob generates will not match the fingerprint provided by Alice as described earlier.

You can find more "light reading" on the subject of MITM attacks related to SSH in section 9.3.4 of the SSH Protocol Architecture RFC:

http://www.ietf.org/rfc/rfc4251.txt

There is also a white paper treating the topic of host keys that you might find useful:

http://www.vandyke.com/solutions/host_keys/index.html

Does this information help clarify?
--Jake

Jake Devenport
VanDyke Software Technical Support
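
The client-side fingerprint check described in the reply above, as an added example that is not part of the original message or VanDyke's code: it hashes the public key blob the server presents (OpenSSH-style SHA256 fingerprint) and compares it with a fingerprint obtained out of band. The function names and both sample keys are constructed for illustration, and the sketch covers only the fingerprint comparison, not the server's signature step.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def make_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line (sample data only)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own algorithm name; it must match the label.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_host_key(presented_line: str, trusted_fp: str) -> bool:
    """Bob's check: hash the presented key, compare with the out-of-band value."""
    return hmac.compare_digest(fingerprint(presented_line), trusted_fp)

# Constructed sample keys (not real host keys).
ALICE_KEY = make_pubkey_line(bytes(range(32)), "alice-host")
EVE_KEY = make_pubkey_line(bytes(range(32, 64)), "eve-host")
# Stands in for the fingerprint Alice gave Bob by phone or a secure web site.
TRUSTED_FP = fingerprint(ALICE_KEY)

if __name__ == "__main__":
    for name, line in (("Alice", ALICE_KEY), ("Eve", EVE_KEY)):
        ok = verify_host_key(line, TRUSTED_FP)
        print(f"{name}: {fingerprint(line)} -> {'accept' if ok else 'REJECT'}")
```
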