communication channel with the attacker, the signatures won't match and A
will be alerted with a warning.
In the previous example, 192.168.42.250 (tetsuo) had never previously
communicated over SSH with 192.168.42.72 (loki) and therefore didn't
have a host fingerprint. The host fingerprint that it accepted was actually
the fingerprint generated by mitm-ssh. If, however, 192.168.42.250 (tetsuo)
had a host fingerprint for 192.168.42.72 (loki), the whole attack would
have been detected, and the user would have been presented with a very
blatant warning:
iz@tetsuo:~ $ ssh jose@192.168.42.72
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
84:7a:71:58:0f:b5:5e:1b:17:d7:b5:9c:81:5a:56:7c.
Please contact your system administrator.
Add correct host key in /home/jon/.ssh/known_hosts to get rid of this message.
Offending key in /home/jon/.ssh/known_hosts:1
RSA host key for 192.168.42.72 has changed and you have requested strict checking.
Host key verification failed.
iz@tetsuo:~ $
The openssh client will actually prevent the user from connecting until
the old host fingerprint has been removed. However, many Windows SSH
clients don't have the same kind of strict enforcement of these rules and will
present the user with an “Are you sure you want to continue?” dialog box.
An uninformed user might just click right through the warning.
0x752 Differing SSH Protocol Host Fingerprints
SSH host fingerprints do have a few vulnerabilities. These vulnerabilities
have been compensated for in the most recent versions of openssh, but they
still exist in older implementations.
Usually, the first time an SSH connection is made to a new host, that host's
fingerprint is added to a known_hosts file, as shown here:
iz@tetsuo:~ $ ssh jose@192.168.42.72
The authenticity of host '192.168.42.72 (192.168.42.72)' can't be established.
RSA key fingerprint is ba:06:7f:d2:b9:74:a8:0a:13:cb:a2:f7:e0:10:59:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.42.72' (RSA) to the list of known hosts.
jose@192.168.42.72's password: <ctrl-c>
iz@tetsuo:~ $ grep 192.168.42.72 ~/.ssh/known_hosts
192.168.42.72 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA8Xq6H28EOiCbQaFbIzPtMJSc316SH4aOijgkf7nZnH4LirNziH5upZmk4/
JSdBXcQohiskFFeHadFViuB4xIURZeF3Z7OJtEi8aupf2pAnhSHF4rmMV1pwaSuNTahsBoKOKSaTUOW0RN/1t3G/
52KTzjtKGacX4gTLNSc8fzfZU=
iz@tetsuo:~ $
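The two outcomes described above (a first connection with no stored fingerprint, and a changed key for a host that is already known) can be modeled in a few lines. This Python sketch is an added example, not code from the original text; the key values are constructed, the function names are hypothetical, and only plain, unhashed known_hosts entries are handled.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob: "ssh-rsa", exponent, modulus."""
    def mpint(v: int) -> bytes:
        # The extra leading byte keeps a value with its top bit set positive.
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the key blob, the format shown in the warning."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def known_hosts_line(host: str, blob: bytes) -> str:
    """Format one plain known_hosts entry for an RSA key."""
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}\n"

def check_host(known_hosts: str, host: str, presented: bytes) -> str:
    """Return 'unknown', 'match' or 'changed' for the key a server presents."""
    stored = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue
        if host in fields[0].split(","):
            stored.append(base64.b64decode(fields[2]))
    if not stored:
        return "unknown"  # first contact: nothing to compare against
    return "match" if presented in stored else "changed"

# Constructed sample keys (not valid RSA moduli, only distinct blobs).
HOST = "192.168.42.72"
GENUINE_KEY = rsa_blob(35, (1 << 1023) + 12345)
MITM_KEY = rsa_blob(35, (1 << 1023) + 67891)

if __name__ == "__main__":
    # Case 1: no stored key, so the client can only ask the user to trust it.
    print(check_host("", HOST, MITM_KEY), md5_fingerprint(MITM_KEY))
    # Case 2: the genuine key was stored earlier, so a swapped key is caught.
    known = known_hosts_line(HOST, GENUINE_KEY)
    print(check_host(known, HOST, GENUINE_KEY))
    print(check_host(known, HOST, MITM_KEY))
```

The "unknown" result is the case where the client falls back to asking the user, which is why verifying the fingerprint out of band before answering yes matters.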