On Tue, Dec 14, 1999 at 02:35:05PM -0500, Michael H. Warfield wrote: > On Tue, Dec 14, 1999 at 04:43:32PM +0100, Markus Friedl wrote: > > Because passphrase-less hostkeys are 'encrypted' with cipher "none" > > the code for this cipher is always compiled into the programs. This > > way the client is free to choose "none" and no server will complain. > > AFAIK... The passpharse-less host keys are encrypted with 3-DES > and no password. [...] Please look at the source. E.g. ssh-1.2.12/authfile.c reads: int save_private_key( [...] if (strcmp(passphrase, "") == 0) cipher_type = SSH_CIPHER_NONE; Older versions may have used a real cipher with key "". Note also that SSH_CIPHER_NONE is also used for 'encryption' before client and server have exchanged the session-key. Many of you disagree with me and are saying that this cipher-none issue is a non-issue. But once more I like to point out that this a security problem in a wider sense as it affects your security _policy_. If you decide to remove telnet/rlogin and configure ssh with '--without-none' you still have not disabled cleartext logins. This is not about bufferoverflows or exploits, this is about your security _policy_, so it is still a security issue. Moreover, if a third party manages to replace the (unauthenticated) server messages "I will accept only ciphers IDEA and 3DES" with "I will accept only cipher NONE" you don't even need a malicious client.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:18 PDT