My question is regarding the possibility of someone wiretapping the communication and repeating the action. What if an intruder notices that there's a secure session starting (by guessing at the dst IP address and unintelligible payload) and then starts capturing all the packets on this session for the purpose of repeating the whole session again? The secure user could add/delete interfaces and stuff, therefore just by repeating this operation the intruder could generate a big problem on the network.

This could be prevented only by having a timestamp.

Question:

1) Is there any timestamp mechanism on the ssh?

2) Is user's public key (RSA/DSA) method more secure than password based authentication (even though the channel itself is encrypted) ?

Thank you,
Sunil.

On Wed, 7 Mar 2001, Sunil K. Vallamkonda wrote:

> My question is regarding the possibility of someone wiretapping the
> communication and repeating the action. What if an intruder notices
> that there's a secure session starting (by guessing at the dst IP
> address and unintelligible payload) and then starts capturing all
> the packets on this session for the purpose of repeating the whole
> session again? The secure user could add/delete interfaces and
> stuff, therefore just by repeating this operation the intruder could
> generate a big problem on the network.
>
> This could be prevented only by having a timestamp.

You don't need a timestamp, just random numbers.

> Question:
>
> 1) Is there any timestamp mechanism on the ssh?

No.

> 2) Is user's public key (RSA/DSA) method more secure than password
> based authentication (even though the channel itself is encrypted) ?

From a protocol perspective, yes.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer

On Wed, Mar 07, 2001 at 11:41:40AM -0800, Sunil K. Vallamkonda wrote:

> My question is regarding the possibility of someone wiretapping the
> communication and repeating the action. What if an intruder notices that there's
> a secure session starting (by guessing at the dst IP address and
> unintelligible payload) and then starts capturing all the packets on this
> session for the purpose of repeating the whole session again? The secure
> user could add/delete interfaces and stuff, therefore just by repeating this
> operation the intruder could generate a big problem on the network.
>
> This could be prevented only by having a timestamp.

no, you are wrong. the session id is unique to each ssh connection, so you cannot replay the data.
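
The point made in the replies above (random numbers and a per-connection session id, rather than a timestamp, defeat replay), as an added example that is not part of the original thread. It is a simplified Python model, not the SSH wire protocol: the toy Diffie-Hellman parameters, the `Endpoint` class and every function name are assumptions, and encryption is left out so only the integrity check is shown.

```python
import hashlib, hmac, secrets

# Simplified model, not the SSH wire format. Toy DH parameters (assumption).
P, G = 2**255 - 19, 2

class Endpoint:
    def __init__(self):
        self.cookie = secrets.token_bytes(16)      # fresh random value per connection
        self.priv = secrets.randbelow(P - 2) + 1   # fresh ephemeral secret per connection
        self.pub = pow(G, self.priv, P)
        self.seq = 0                               # packets seen in this connection

    def finish(self, client, server):
        peer = server if self is client else client
        k = pow(peer.pub, self.priv, P).to_bytes(32, "big")
        pubs = client.pub.to_bytes(32, "big") + server.pub.to_bytes(32, "big")
        # Session id covers both sides' random contributions and the shared secret.
        self.session_id = hashlib.sha256(client.cookie + server.cookie + pubs + k).digest()
        self.mac_key = hashlib.sha256(k + self.session_id + b"mac").digest()

def connect():
    client, server = Endpoint(), Endpoint()
    client.finish(client, server)
    server.finish(client, server)
    return client, server

def _tag(end, payload):
    return hmac.new(end.mac_key, end.seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

def seal(sender, payload):
    """Append a MAC over (sequence number || payload) and advance the counter."""
    packet = payload + _tag(sender, payload)
    sender.seq += 1
    return packet

def accept(receiver, packet):
    """Accept only a packet whose MAC matches this connection's key and counter."""
    payload, tag = packet[:-32], packet[-32:]
    if not hmac.compare_digest(tag, _tag(receiver, payload)):
        return False
    receiver.seq += 1
    return True

def demo():
    client, server = connect()
    captured = seal(client, b"delete interface eth0")   # constructed sample command
    live = accept(server, captured)                     # original delivery
    again = accept(server, captured)                    # replay into the same session
    _, other = connect()                                # new connection, new randoms
    return live, again, accept(other, captured), server.session_id != other.session_id
```

`demo()` returns whether the original packet was accepted, whether a replay into the same session was accepted, whether a replay into a new connection was accepted, and whether the two session ids differ.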