Re: SSH key spoofing
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: SSH key spoofing
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Wed, 3 Jan 2007 01:54:43 -0700
- Delivery-date: Wed, 03 Jan 2007 03:55:10 -0500
- In-reply-to: <20070103063000.GD1155@fscked.org>
- References: <20070103063000.GD1155@fscked.org>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Wouldn't constantly changing ssh keys make it more secure?
On 1/2/07, Mike Perry <mikepery@xxxxxxxxxx> wrote:
Deliberately breaking threading so this doesn't fall through the
Thus spake Robert Hogan (robert@xxxxxxxxxxxxxxx):
> Got this when testing an ssh connection:
> WARNING: DSA key found for host shell.sf.net
> in /home/robert/.ssh/known_hosts:8
> DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
> The authenticity of host 'shell.sf.net (18.104.22.168)' can't be
> but keys of different type are already known for this host.
> RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
> Are you sure you want to continue connecting (yes/no)? no
> Tor first attempted to attach a circuit with toxischnet as its exit. This
> didn't work, so it then used tormentor. I then got the above.
> I subsequently used both toxischnet and tormentor to connect without any
> authentication issues. The RSA fingerprint is not listed by sourceforge.
> Malice? Misconfiguration of some sort? Anyone care to test either of these
Hrmm.. My scanner seems to be getting hung on some bug (possibly one
that I'm tickling in Tor or possibly my own), so I haven't seen this
during automatic scanning yet, but I can confirm manually that
tormentor IS in fact regularly changing ssh keys. It should be
delisted as an exit ASAP.
toxischnet is currently hibernating, so it's hard to say on that one.
Mad Computer Scientist
fscked.org evil labs
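
Added example, not part of the original message or of any scanner mentioned in the thread: one way to audit the host keys offered over several network paths against the fingerprints an operator publishes, using the colon-separated MD5 fingerprint format shown in the warning above. The path names (`direct`, `exitA`, ...), the helper names and the key blobs are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def make_blob(key_type, seed):
    """Constructed stand-in for an SSH public key blob (not a real key)."""
    name = key_type.encode()
    raw = struct.pack(">I", len(name)) + name + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

def key_type_of(key_b64):
    """Read the algorithm name from the length-prefixed wire-format blob."""
    blob = base64.b64decode(key_b64)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def md5_fingerprint(key_b64):
    """Colon-separated MD5 hex of the decoded blob, as printed in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit(published, observations):
    """published: set of fingerprints the operator lists.
    observations: (path, key_b64) pairs, one per connection attempt.
    Returns {path: verdict}."""
    per_path = defaultdict(lambda: defaultdict(set))
    for path, key_b64 in observations:
        per_path[path][key_type_of(key_b64)].add(md5_fingerprint(key_b64))
    verdicts = {}
    for path, by_type in per_path.items():
        if any(len(fps) > 1 for fps in by_type.values()):
            verdicts[path] = "changing"   # same key type, different key per attempt
        elif any(fp not in published for fps in by_type.values() for fp in fps):
            verdicts[path] = "unlisted"   # stable key, but not a published one
        else:
            verdicts[path] = "ok"
    return verdicts

# Constructed sample data: two published keys and five connection attempts.
REAL_DSA = make_blob("ssh-dss", b"server-dsa")
REAL_RSA = make_blob("ssh-rsa", b"server-rsa")
PUBLISHED = {md5_fingerprint(REAL_DSA), md5_fingerprint(REAL_RSA)}
OBSERVED = [("direct", REAL_DSA), ("exitA", REAL_RSA),
            ("exitB", make_blob("ssh-rsa", b"other-1")),
            ("exitB", make_blob("ssh-rsa", b"other-2")),
            ("exitC", make_blob("ssh-rsa", b"other-3"))]
RESULT = audit(PUBLISHED, OBSERVED)
```

A path that offers a different key type than the one already pinned (DSA versus RSA, as in the warning) still passes only if that key's fingerprint is in the published set.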