clogin vulnerable to MITM attack with ssh host keys

John Dorsey dorsey at colquitt.org
Thu Jun 9 18:12:19 UTC 2005


Ed,

> I disagree with what this fragment of clogin does:

[unsafe ssh host key handling deleted]

	I agree with your security stance.  Unfortunately, there are
some inobvious operational obstacles to handling this correctly.

	One I'm aware of is the handling of ssh host keys by redundant
pairs of pix firewalls.  In Pix failover, the devices swap their IP and
MAC addresses, but not their ssh host keys[1].  So when the pix pair
fails, a new host key is seen.  I don't want to miss a rancid update,
especially just after a failover, which may have been influenced by a
configuration change.

	If the current MITM-exposed behavior was optionally available,
my concern would be satisfied.  Unfortunately, I don't currently have
any time available for coding a patch.  I might, in a few weeks.

Cheers,
John Dorsey

[1]  It's pure conjecture, but I've always assumed PIX doesn't try to
virtualize the host key because it would make it easier to extract said
key from the firewall, and then mount a spoof attack.  I'm not sure
that's a good trade-off, since we have to deal with constant host key
mismatches.




More information about the Rancid-discuss mailing list