Re: sshd1 allows unencrypted sessions regardless of server policy

From: David Schwartz (davidsat_private)
Date: Wed Dec 15 1999 - 13:32:37 PST

Next message: Andrew Malcolm: "Recent postings about SCO UnixWare 7"

Previous message: Emiliano Kargieman: "Re: SSH 1 Why?"
Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
Next in thread: Markus Friedl: "Re: sshd1 allows unencrypted sessions regardless of server policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> That aside, this hole could be useful in a situation where Party A wants
> to help Party B compromise a system without leaving a paper trail.  Party
> A trojans an ssh client binary, Innocent Bystander C does an ssh
> connection somewhere, and Party B sniffs the cleartext traffic.  No
> evidence to point to Party B.  If instead Party A trojaned the binary to
> send Party B a carbon-copy, and a white hat could extract this, then Party
> B is implicated.
>
> jm

	Nonsense. He could just as easily trojan ssh to broadcast the encryption
key. If he can sniff the cleartext traffic, he can sniff the key. The point
stands -- a server cannot protect you against a client compromise.

	DS

Next message: Andrew Malcolm: "Recent postings about SCO UnixWare 7"
Previous message: Emiliano Kargieman: "Re: SSH 1 Why?"
Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
Next in thread: Markus Friedl: "Re: sshd1 allows unencrypted sessions regardless of server policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:17 PDT