[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

SSH key spoofing



Deliberately breaking threading so this doesn't fall through the
cracks. 

Thus spake Robert Hogan (robert@xxxxxxxxxxxxxxx):

> 
> Got this when testing an ssh connection:
> 
> WARNING: DSA key found for host shell.sf.net
> in /home/robert/.ssh/known_hosts:8
> DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
> The authenticity of host 'shell.sf.net (66.35.250.208)' can't be established
> but keys of different type are already known for this host.
> RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
> Are you sure you want to continue connecting (yes/no)? no
> 
> 
> Tor first attempted to attach a circuit with toxischnet as it's exit. This 
> didn't work, so it then used tormentor. I then got the above.
> 
> I subsequently used both toxischnet and tormentor to connect without any key 
> authentication issues. The RSA fingerpint is not listed by sourceforge. 
> 
> http://sourceforge.net/docs/G04/en/#fingerprintlist
> 
> Malice? Misconfiguration of some sort? Anyone care to test either of these 
> exits?

Hrmm.. My scanner seems to be getting hung on some bug (possibly one
that I'm tickling in Tor or possibly my own), so I haven't seen this
during automatic scanning yet, but I can confirm manually that
tormentor IS in fact regularly changing ssh keys. It should be
delisted as an exit ASAP.

toxischnet is currently hibernating, so its hard to say on that one.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs