[conspire] Re: (forw) Re: [vox] password stolen at linuxworld
Rick Moen
rick at linuxmafia.com
Sun Aug 10 21:38:41 PDT 2003
Quoting Ryan (ryan at cal.net):
> I may keep my home direcroty after manualy inspecting my dotfiles.
Yeah, that's what I'd do.
> Didn't touch those.
Oh, you were using your own laptop? Hmm. OK. That eliminates the
compromised-host problem, but leaves the risk of compromised networks.
> I had a copy of a key from when I used it at keven's house. I connected by IP
> address. I should have known better then to trust a host key on a hostile
> network.
Yes. If your ssh client informed you of a destination host key
previously unknown to it, and asked if you wished to accept it, that's
precisely the point where your decision equates to "Do I wish to do
something risky?" If you see that message and don't expect it (or see
the "Warning: the host key has changed" one), then it's a good time to
become justifiably paranoid.
> Yes, I know this. I suspect I was tricked into using an SSHv1 session.
I'm guessing you mean you had the host's sshv2 key in ~/.ssh/known_hosts2,
but were somehow maneouvered by the hostile network into opening an
sshv1 connection -- which thereupon told you about a previously unknown
host key, which you accepted to complete the connection (to a host doing
MITM information-gathering).
That's possible. The overall point I was making is that host ID is
crucial: You can safely carry out encrypted connections over hostile
networks all day long, but only provided that you don't accept new or
changed host keys, relying solely on ones in your known_hosts/known_hosts2
files.
--
Cheers,
Rick Moen Age, baro, fac ut gaudeam.
rick at linuxmafia.com
More information about the conspire
mailing list