On Aug 31, 2006, at 2:02 PM, Christ, Bryan wrote:
My question is this... What prevents Eve from passing along the
challenge information to Alice? In other words, even though Eve does
not have the private key, and therefore cannot decrypt, Alice does.
Therefore Eve could send the information to Alice, get a valid
response,
and then Eve passes that response back to Bob. Bob still has no
way of
know that Eve is impersonating Alice and/or brokering messages.
In this situation, Eve would only see the encrypted traffic, because
Alice's responses are encrypted with Bob's public key. I'm far from
an expert on this, but I'm pretty sure that public key encryption is
used just to set up symmetric key encryption so this is a bit
oversimplified. But the answer you are looking for is that if Eve
simply passes the traffic back and forth, she won't have the private
keys to decrypt the traffic--she just sees a garbled mess (of course
Eve can do this if she wants--but at this point, she's just acting as
a router). In order for Eve to decipher the traffic (and perform a
meaningful attack), she has to impersonate Alice by connecting to
each with a separate ssh session, in which case the keys don't match--
ssh keeps the fingerprints on file. If Alice tries a MITM attack on
the very first time Bob connects to Alice, though, Bob won't have the
fingerprint on file. If Bob is cautious, however, he will have
gotten the fingerprint from Alice beforehand, using the telephone,
PGP/GPG or some other means, and he would notice that the fingerprint
of Eve's key doesn't match the fingerprint that Alice told him to
expect.
On Wed, 2006-08-30 at 15:58 -0600, Daniel DeLeo wrote:
As far as I know, the fingerprint is based on the public key (or is
the key? someone who knows more than I might want to clarify this) of
the SSH server. Eve could pass on the fingerprint, but she would not
have the private key, so data encrypted using the public key
associated with that fingerprint could not be decrypted by Eve. Of
course, nothing stops Eve from presenting her own key and hoping that
the user doesn't check the fingerprints.
On Aug 29, 2006, at 3:35 PM, Christ, Bryan wrote:
All,
Please pardon my naivete.
I was looking at the diagram on the URL listed below and
contemplating
how host fingerprinting prevents MITM attacks.
http://www.vandyke.com/solutions/ssh_overview/
ssh_overview_threats.html
So my question is this... Given the illustration in the URL above,
what
prevents Eve from *first* contacting Alice to obtain a fingerprint
which
then gets passed to Bob on the first connection attempt?
