Hey all,

I came across a security news article, referenced by linux.org/news, at

techworld.com/security/news/index.cfm?NewsID=3668

talking about an SSH weakness involving the known_hosts file. I apologize if this issue has already been addressed, but the mailing list archives didn't turn up anything when I tried searching for something relevant. So; not to knee-jerk or anything, but is anyone currently looking into this? Does this need to be addressed, or has it already been taken care of? Offhand, on a scale of 0 - 11, this would seem to rate kinda high, ~7. Am I off-base?

From the article: "a known_hosts hashing scheme proposed by MIT has been implemented in OpenSSH 4.0 and in a patch for earlier versions of SSH". Looking at my own ~/.ssh/known_hosts file, the entries appear to be encrypted, by default; I assume this is a Good Thing. Installed ssh package = openssh-server-3.9p1-8.0.1. Shall I now resume my warm fuzzies and assume all is snug and secure in openssh-land?
--On Wednesday, May 18, 2005 02:30:38 PM -0500 "Gabriel M. Elder" <eldergabriel at charter.net> wrote:

> Hey all,
>
> I came across a security news article, referenced by linux.org/news, at
>
> techworld.com/security/news/index.cfm?NewsID=3668
>
> talking about an SSH weakness involving the known_hosts file. I apologize if this issue has already been addressed, but the mailing list archives didn't turn up anything when I tried searching for something relevant. So; not to knee-jerk or anything, but is anyone currently looking into this? Does this need to be addressed, or has it already been taken care of? Offhand, on a scale of 0 - 11, this would seem to rate kinda high, ~7. Am I off-base?

It's about a 1. If someone breaks into your machine with an older version of SSH, they can get a list of hosts you've connected to. Whoopee. Unless you scrub your .bash_history (or equivalent), you're already exposed to this. More FUD from "security" stories.

The real solution is to stop using known_hosts files. There are some patches floating around that do this for X.509 certs, and it's possible with GSSAPI already (I think...). It would be really nice to get LDAP or DNSSEC support, but I don't think there are current patches for either.

-- 
Carson Gaspar
Gabriel M. Elder wrote:

> Hey all,
>
> I came across a security news article, referenced by linux.org/news, at
>
> techworld.com/security/news/index.cfm?NewsID=3668
>
> talking about an SSH weakness involving the known_hosts file. I apologize if this issue has already been addressed, but the mailing list archives didn't turn up anything when I tried searching for something relevant. So; not to knee-jerk or anything, but is anyone currently looking into this? Does this need to be addressed, or has it already been taken care of? Offhand, on a scale of 0 - 11, this would seem to rate kinda high, ~7. Am I off-base?

It is a problem mainly for large educational facilities and labs, where users use weak authenticators (same passwords, password-less public keys, etc) on multiple hosts. In these cases, an attacker (or their worm) could use the known_hosts file as a hit-list of other hosts to try.

I think some of the publicity is a little overblown because the same information is available from many other sources: shell histories, netstat or ps output, etc. Furthermore, if an account is already compromised, then there are far more effective ways for a worm to gain access to other accounts (e.g. fudge $PATH to contain a trojan ssh that steals account/password/host information directly).

Anyway, we implemented the HashKnownHosts (see "man ssh") to address this. Admins should be aware that this doesn't make the problem go away, but it does make the attack harder (hopefully too hard for a worm).

> From the article: "a known_hosts hashing scheme proposed by MIT has been implemented in OpenSSH 4.0 and in a patch for earlier versions of SSH". Looking at my own ~/.ssh/known_hosts file, the entries appear to be encrypted, by default; I assume this is a Good Thing. Installed ssh package = openssh-server-3.9p1-8.0.1. Shall I now resume my warm fuzzies and assume all is snug and secure in openssh-land?

No - unless your admins have modified 3.9p1 for you, your file probably looks like:

hostname ssh-rsa AAAAAPO7JD765SPF2OJ337FSAPSO...

This change is about hashing "hostname" so no one can tell what hosts you have visited.

-d
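To make concrete what the HashKnownHosts change above actually does to the "hostname" field, here is an added example that is not part of the thread or of OpenSSH's own code. It implements the hashed host field format that OpenSSH 4.0 writes (a "|1|" marker, a base64 random salt, and the base64 HMAC-SHA1 of the hostname keyed with that salt), converts a constructed plain known_hosts listing into hashed form, and looks a host up by recomputing the HMAC per entry. The function names and the sample key blobs are my own; the key strings are placeholder text, not real keys.

```python
import base64
import hashlib
import hmac
import os
from typing import Iterable, List, Optional

# OpenSSH marks a hashed host field with "|1|" (hash format version 1), then the
# base64 salt, the base64 HMAC-SHA1 of the hostname keyed with that salt, and a
# trailing "|".  Each entry gets its own random salt.
HASH_MAGIC = "|1|"
SALT_LEN = 20  # one SHA-1 digest length of random salt per entry


def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Return the hashed host field OpenSSH would write for hostname."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    mac = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    return "%s%s|%s|" % (
        HASH_MAGIC,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(mac).decode("ascii"),
    )


def host_matches(hostname: str, host_field: str) -> bool:
    """True if a known_hosts host field (plain or hashed) names hostname."""
    if not host_field.startswith(HASH_MAGIC):
        # Plain field: a comma-separated list of names/addresses.
        return hostname in host_field.split(",")
    parts = host_field.split("|")
    if len(parts) != 5:  # "", "1", salt, mac, ""
        return False
    try:
        salt = base64.b64decode(parts[2])
        expected = base64.b64decode(parts[3])
    except ValueError:  # binascii.Error is a ValueError
        return False
    actual = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    # Constant-time compare; the salt makes the MAC unique per entry.
    return hmac.compare_digest(actual, expected)


def hash_known_hosts(lines: Iterable[str]) -> List[str]:
    """Rewrite plain host fields as hashed ones, one entry per name.

    Comments, blank lines, already-hashed entries and marker lines (those
    starting with '@') are passed through unchanged (assumption: markers
    are left to the reader, they are not part of the thread).
    """
    out = []
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped[0] in "#@" or stripped.startswith(HASH_MAGIC):
            out.append(line)
            continue
        fields = stripped.split(None, 1)
        if len(fields) != 2:
            out.append(line)  # malformed; leave it for a human to inspect
            continue
        host_field, key_part = fields
        # A plain field "a,b" becomes two hashed lines with different salts, so
        # two entries for the same host do not look alike and the file cannot
        # be grepped for a hostname.
        for name in host_field.split(","):
            out.append("%s %s" % (hash_hostname(name), key_part))
    return out


def find_host(hostname: str, lines: Iterable[str]) -> Optional[str]:
    """Return the key part of the first entry naming hostname, else None."""
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped[0] in "#@":
            continue
        fields = stripped.split(None, 1)
        if len(fields) == 2 and host_matches(hostname, fields[0]):
            return fields[1]
    return None


# Constructed sample file: the key blobs are placeholder text, not real keys.
SAMPLE_KNOWN_HOSTS = [
    "# constructed example known_hosts",
    "shell.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0NSTRUCTEDKEY0000=",
    "build.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0NSTRUCTEDKEY1111=",
]

if __name__ == "__main__":
    hashed = hash_known_hosts(SAMPLE_KNOWN_HOSTS)
    for entry in hashed:
        print(entry)
    print("lookup shell.example.org ->", find_host("shell.example.org", hashed))
    print("lookup other.example.org ->", find_host("other.example.org", hashed))
```

Two things the output makes visible that the thread only states: after hashing, no hostname or address appears anywhere in the file, so a reader of the file learns nothing without guessing names; but because the HMAC is cheap and the salt is stored alongside it, anyone holding the file can still test candidate names one by one, which is exactly why the reply above says the change makes the attack harder rather than impossible. In real OpenSSH the conversion of an existing file is done with "ssh-keygen -H" and lookups with "ssh-keygen -F hostname"; this script only reproduces the format so the mechanism can be inspected.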