[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ssh MITM attack when using tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Ssh MITM attack when using tor
From: James Muir <jamuir@xxxxxxxxxxxxxxx>
Date: Fri, 02 Feb 2007 16:29:33 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 02 Feb 2007 16:27:05 -0500
In-reply-to: <5e3f62880702021316o33a901b8j572bd4ce3a546cee@mail.gmail.com>
References: <7i1wl8l5l3.fsf@lanthane.pps.jussieu.fr> <45C3A777.6070407@scs.carleton.ca> <5e3f62880702021305pe61887dpb95f22640dc60d6e@mail.gmail.com> <768c60d30702021312sa1691f0u7def8fd2d962fc6b@mail.gmail.com> <5e3f62880702021316o33a901b8j572bd4ce3a546cee@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20070104)

Bryan Fordham wrote:

If someone were to upgrade/change their server OS or generate a new key for purely non-malicious reasons, this could happen, no?

that's true. But if you disconnect, reconnect, and get the old key, something is funky.

fwiw, that's what's happened to me. And I know the ssh key on the server hasn't changed.

Just because you upgrade your OS doesn't mean you should throw out all your server's public keys. I would think that the server's maintainer would migrate the public keys over to the new system (if they remember, and if their hard drive hasn't crashed).

In any case, ssh public keys are self-created and are not validated by TTPs. So, the very first time you connect to the server I don't think you would be able to detect a mitm attack.

-James

Follow-Ups:
- Re: Ssh MITM attack when using tor
  - From: Bryan Fordham
- Re: Ssh MITM attack when using tor
  - From: Dave Page

References:
- Ssh MITM attack when using tor
  - From: Juliusz Chroboczek
- Re: Ssh MITM attack when using tor
  - From: James Muir
- Re: Ssh MITM attack when using tor
  - From: Bryan Fordham
- Re: Ssh MITM attack when using tor
  - From: P Jones
- Re: Ssh MITM attack when using tor
  - From: Bryan Fordham

Prev by Author: Re: Ssh MITM attack when using tor
Next by Author: how did my OP discover this IP address?
Previous by thread: Re: Ssh MITM attack when using tor
Next by thread: Re: Ssh MITM attack when using tor
Index(es):
- Author
- Thread