clogin vulnerable to MITM attack with ssh host keys
John Dorsey
dorsey at colquitt.org
Thu Jun 9 21:45:32 UTC 2005
Ed,
> Does the Pix pair also have individual IP addresses that don't change?
> Then you could poll them by their individual addresses, and detect failover
> some other way (preferably with a monitoring system that will page someone
> to go look at the problem).
Not as of 6.3.x. 7.0 may have something, since it does some
different tricks w.r.t. redundancy.
The problem isn't one of detecting failover. Although I do see
failovers in rancid, they're easy to catch with SNMP. I've got an OID
around here somewhere that does that.
> > If the current MITM-exposed behavior was optionally available,
> > my concern would be satisfied.
>
> It already is - put "add sshcmd * {ssh\ -o\ Batchmode=yes}" in cloginrc. That
> should keep ssh from asking any interactive questions.
Aha! Excellent. I've spent too little time under the covers of
rancid; this is just what I was looking for.
> > Unfortunately, I don't currently have
> > any time available for coding a patch. I might, in a few weeks.
>
> I think a comment in clogin to inform the next curious person who reads the
> code, and a few words in the cloginrc man page would be sufficient.
Given the above, it's (much) less effort than I thought. I
still probably won't do anything with it very soon, but I'll try to get
around to it if nobody beats me to the punch.
Would such a patch be accepted into the project?
Cheers,
John Dorsey
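As an added example (not from this thread or the rancid project), a POSIX shell check that goes with the BatchMode advice quoted above: once ssh can no longer prompt, clogin cannot auto-accept an unknown or changed host key, so every device must already be pinned in known_hosts or its login will fail. The .cloginrc contents, device list and known_hosts entries are constructed, known_hosts is assumed unhashed, and StrictHostKeyChecking=yes is my addition rather than something the thread suggests.

```shell
# Added example, not rancid's own code.  Inputs below are constructed;
# known_hosts is assumed to be unhashed (HashKnownHosts no).
set -u
KNOWN_HOSTS="$(mktemp)"; DEVICES="$(mktemp)"; CLOGINRC="$(mktemp)"
trap 'rm -f "$KNOWN_HOSTS" "$DEVICES" "$CLOGINRC"' EXIT

cat > "$KNOWN_HOSTS" <<'EOF'
pix-a.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCplaceholderkeyA
router1.example.net,192.0.2.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDplaceholderkeyB
EOF
cat > "$DEVICES" <<'EOF'
pix-a.example.net
pix-b.example.net
router1.example.net
EOF
# Hardened sshcmd: BatchMode keeps ssh from prompting, so clogin can no
# longer answer "yes" to an unknown or changed key on the operator's behalf;
# StrictHostKeyChecking=yes makes the refusal explicit (my addition).
cat > "$CLOGINRC" <<'EOF'
add user * rancid
add sshcmd * {ssh\ -o\ BatchMode=yes\ -o\ StrictHostKeyChecking=yes}
EOF

# True when the .cloginrc in $1 sets BatchMode on an sshcmd line
# (OpenSSH option names are case-insensitive, hence -i).
cloginrc_has_batchmode() {
    grep -Eiq '^add[[:space:]]+sshcmd[[:space:]].*BatchMode=yes' "$1"
}

# Print each device from $1 with no entry in the known_hosts file $2.
# With BatchMode these would fail to log in, so their keys must be
# collected and verified out of band before the cutover.
unpinned_devices() {
    while read -r host; do
        [ -n "$host" ] || continue
        if ! awk -v h="$host" '$1 !~ /^[#|@]/ { n = split($1, a, ",");
                for (i = 1; i <= n; i++) if (a[i] == h) found = 1 }
              END { exit !found }' "$2"; then
            echo "$host"
        fi
    done < "$1"
}

cloginrc_has_batchmode "$CLOGINRC" && echo "BatchMode set in cloginrc"
unpinned_devices "$DEVICES" "$KNOWN_HOSTS"
```

Run it against the real device list and known_hosts to get the set of devices still to pin before switching sshcmd over.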