On Tue, 14 Dec 1999, Pavel Machek wrote: > > Because passphrase-less hostkeys are 'encrypted' with cipher "none" > > the code for this cipher is always compiled into the programs. This > > way the client is free to choose "none" and no server will complain. > > And what? Malicious ssh client can make non-encrypted connection. But > malicious ssh client can also send carbon-copy of all communication to > www.cia.org:5000! There's no way to protect from malicious ssh > clients... Of course, but that's no excuse for a lapse in good programming. If the server tells the client "here, pick from this list", it's common sense that the server would check the client's response to see if it's valid. That aside, this hole could be useful in a situation where Party A wants to help Party B compromise a system without leaving a paper trail. Party A trojans an ssh client binary, Innocent Bystander C does an ssh connection somewhere, and Party B sniffs the cleartext traffic. No evidence to point to Party B. If instead Party A trojaned the binary to send Party B a carbon-copy, and a white hat could extract this, then Party B is implicated. jm
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:06 PDT