thr3ads.net - openssh bugs - [Bug 2822] New: manpage: trojan horse vs. man-in-the-middle [Jan 2018]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2018-Jan-23 05:21 UTC

[Bug 2822] New: manpage: trojan horse vs. man-in-the-middle

https://bugzilla.mindrot.org/show_bug.cgi?id=2822

            Bug ID: 2822
           Summary: manpage: trojan horse vs. man-in-the-middle
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: maikel at predikkta.com

Hello,

The `ssh_config` man page may be slightly confusing about
StrictHostKeyChecking. I found this sentence:

    This provides maximum protection against trojan horse attacks

I always thought the option protects against man-in-the-middle attacks.
I think if the user or the server is compromised via a trojan horse,
the connection is most likely compromised as well, regardless of host
key checking.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2018-Feb-06 05:58 UTC

head link

[Bug 2822] manpage: trojan horse vs. man-in-the-middle

https://bugzilla.mindrot.org/show_bug.cgi?id=2822

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2782
                 CC|                            |dtucker at dtucker.net
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Fixed, it'll be in the 7.7 release.  Thanks for the report.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2018-Apr-06 02:26 UTC

head link

[Bug 2822] manpage: trojan horse vs. man-in-the-middle

https://bugzilla.mindrot.org/show_bug.cgi?id=2822

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

openssh bugs - Jan 2018 - [Bug 2822] New: manpage: trojan horse vs. man-in-the-middle

[Bug 2822] New: manpage: trojan horse vs. man-in-the-middle

[Bug 2822] manpage: trojan horse vs. man-in-the-middle

[Bug 2822] manpage: trojan horse vs. man-in-the-middle