[Sshmgmt] Impact of missing SSH hostkey verification in the light of pubkey authentication

lair@bitmessage.ch Thu, 13 March 2014 19:34 UTC

Message-ID: <5e0362600286d9755be71b743f0d318a.squirrel@bitmessage.ch>
Date: Thu, 13 Mar 2014 12:34:03 -0700
From: lair@bitmessage.ch
To: sshmgmt@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/sshmgmt/FTcersb9oQIBP3phOXdTLpP89Qk
Cc: info@gremwell.com
List-Id: "This list will discuss SSH key management practices. The starting point will be to consider what to do with draft-ylonen-sshkeybcp" <sshmgmt.ietf.org>

Hi,

Since I read gremwell's blog post [1] a few years ago, I have believed I
was safe against MITM attacks even without properly performing hostkey
checks, as long as I use pubkey authentication, but in section 2.2.6
("Dangers of Unverified and Shared Host Keys") of the last draft version
[2] it says:

"
   Many file transfer applications, privileged access management
   systems, and systems management applications do not check host keys
   for hosts that they connect to.  This permits a man-in-the-middle
   attack to be performed in the network.  Many tools are available for
   this and any device connected to a network through which the
   connection goes can be used for the attack - including, e.g.,
   reprogrammed smart switches.

   *Man-in-the-middle attacks are a risk regardless of the authentication
   method* if hosts keys are not properly verified.  The attack permits
   injection of arbitrary commands into the session, and reading and
   modifying any transferred files (including injection of bogus file
   transfers).  A successful man-in-the-middle attack from the network
   gives the same power as being able to use a trust relation leading to
   the destination host.
"

So that means that even ssh connections established via pubkey auth are
vulnerable to MITM attacks if the client doesn't properly perform hostkey
checking?
Do you know of a tool that implements MITM attacks against pubkey
authentication?

thanks for clarifying!
Simon


[1] http://www.gremwell.com/ssh-mitm-public-key-authentication
[2] http://tools.ietf.org/id/draft-ylonen-sshkeybcp-01.txt
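
Added example, not part of the original message or of the draft it quotes: a small audit of an OpenSSH client configuration for the settings that leave host keys unverified, which is the condition the quoted section 2.2.6 describes. The sample configuration and the function name audit_ssh_config are constructed for illustration.

```python
import re

# Constructed sample client configuration (not from the original message).
SAMPLE_CONFIG = """\
Host backup-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    IdentityFile ~/.ssh/backup_ed25519

Host build.example.org
    StrictHostKeyChecking=accept-new

Host *
    StrictHostKeyChecking yes
"""

# StrictHostKeyChecking values that skip or weaken verification:
# "no"/"off" accept any key, "accept-new" trusts unknown keys on first contact.
WEAK_STRICT = {"no", "off", "accept-new"}
# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def audit_ssh_config(text):
    """Return (line number, Host/Match scope, keyword, value) per weak setting."""
    findings = []
    scope = "(global)"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1), m.group(2).strip().strip('"')
        key = keyword.lower()  # ssh_config keywords are case-insensitive
        if key in ("host", "match"):
            scope = value
        elif key == "stricthostkeychecking" and value.lower() in WEAK_STRICT:
            findings.append((lineno, scope, keyword, value))
        elif key in ("userknownhostsfile", "globalknownhostsfile"):
            # A known-hosts store at /dev/null discards every learned host key.
            if "/dev/null" in value.split():
                findings.append((lineno, scope, keyword, value))
    return findings

if __name__ == "__main__":
    for lineno, scope, keyword, value in audit_ssh_config(SAMPLE_CONFIG):
        print(f"line {lineno}: [{scope}] {keyword} {value}")
```

Because ssh uses the first value it obtains for each option, the closing `Host *` block with `StrictHostKeyChecking yes` does not override the weaker settings in the earlier blocks.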