APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

SSH Risk from known_hosts?

Got questions? Go ahead: Ask me anything!

Author: TonyLawrence
Date: Wed May 18 11:51:50 2005
Subject: SSH Risk from known_hosts?

Copyright May 2005 TonyLawrence

An MIT researcher thinks there is a big problem in ssh: http://www.techworld.com/security/news/index.cfm?NewsID=3668

I don't see it. This whole concept starts with a compromised machine. Duh: when a machine is compromised, all sorts of information about other machines it knows about is exposed. Getting the public keys from known_hosts isn't particularly useful in itself; public keys are, after all, *public* keys. Much more dangerous is the exposure of the private key counterparts. Combine the two, and yes, you may have a easy path to another machine.

I get the sense that what they are really talking about here is the danger from distributed credentials, a subject we've touched on here more than once: making it easy for the pointy eared boss and the other technically inept folk always affects security, and ssh is no different in that regard.

Maybe I'm missing something, but to my mind, a compromised box presents risk to other machines for a lot of reasons, and ssh is just one, and even that isn't necessarily an issue if you don't have other machines accepting public key authentication.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> SSH Risk from known_hosts?


Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Tony Lawrence

Thu May 19 12:58:31 2005: 547   drag

I think specificly about the known hosts is that it allows a attacker to find out what the identification keys are for commonly used servers then be able to use that information to setup a fake server, thru a dns spoof or something like that, were a person's client would think that it's the normal ssh server because the identifaction information is correct.

It's sort of like the SSL thing were your browser will tell you if your server your logged into has the correct credintials, except with ssh this 'flaw' can be used to create fake credintials so that you may end up trusting the server when you realy shouldn't. You ssh in, the client checks the known_hosts file, finds out that it is correct, and you give it your password and now your account has been comprimised.

It's a small flaw, and would be immaterial by itself, but combined with other flaws.. like a incorrect DNS setup and readable home directories it can cause issues. But like they said, it's going to be fixed in ssh version 4

Thu May 19 19:45:33 2005: 550   TonyLawrence

You need the private key too.. but if the machine has been hacked, that's probably easy enough. I just don't understand why make a big fuss about readable known_hosts on a hacked machine??

Thu May 26 00:00:12 2005: 582   anonymous

You are using passphrases aren't you? With this added feature. (that takes more effort to ignore than use.) even if the black hat has pub and private versions of the key he/she is still missing the final key to being able to use them. The passphrase.

Thu May 26 00:02:51 2005: 583   TonyLawrence

Exactly. So what am I missing? Or is this maybe a Microsoft FUD piece?

Tue Jun 21 15:27:17 2005: 676   anonymous

"Pointy eared boss"? Sounds like an unholy cross-breeding of Dilbert with Star Trek. And I stress the word UNHOLY. Ugh.

Wed Jun 22 20:33:16 2005: 684   TonyLawrence

Put stuff in my head and you never know what will come out.. :-)

Yes, I was thinking of Dilbert but somehow got Spock's ears mixed in.. a mind is a terrible thing to have..

Fri Jan 12 04:47:54 2007: 2811   geofftatmitedu

Um. The problem he's describing is that they know what hosts to spend their time brute-forcing. It simply reveals the names and IPs of the hosts, not anything cryptographically important. (Indeed, the public key in theory cannot be used to compromise the server's private key.)

If hackers start port-scanning and find that linux.mit.edu runs SSH, they'll perhaps try root and guest and perhaps common names like joe and fred, and then give up (since none of those usernames exist, IIRC). But if they root my laptop, and see that my username is geofft, they'll try brute-forcing the account named geofft and use that to get a shell on the second target. And even if they don't see geofft (my local account is geoffrey), they'll know that linux.mit.edu is a worthwhile target with some number of usernames, and perhaps scour more to guess at some usernames to use.

So 1) they know what some real SSH servers are, and 2) they know where these servers are accessed from (and usually have root on the machines accessing them), which gives them quite a bit of info to work from.

Fri Jan 12 10:05:35 2007: 2812   TonyLawrence

But again, that's not a weakness in ssh.

A compromised machine is dangerous. That's like saying your car is dangerous if someone steals it. Sure, it is, but because it's been stolen, not otherwise (weak analogy(.

Kerio Samepage

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

All this modern technology just makes people try to do everything at once. (Bill Watterson)

This post tagged: