Yegor Ievlev
2019-Feb-23 19:23 UTC
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Well, known_hosts isn't exactly trusted input, since it's usually composed of the keys you first encounter, without any additional checking, as opposed to (hopefully) correctly signed SSHFP records.

On Sat, Feb 23, 2019 at 10:22 PM Peter Stuge <peter at stuge.se> wrote:
>
> Yegor Ievlev wrote:
> > > I think it's a very bad idea to have the client start treating foreign
> > > network input as equivalent to local configuration.
> >
> > Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.
>
> To the client it's still foreign input, even though it's signed by
> (best case) the remote site DNS administrator.
>
>
> //Peter
Christoph Anton Mitterer
2019-Feb-25 00:51 UTC
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
On Sat, 2019-02-23 at 22:23 +0300, Yegor Ievlev wrote:
> Well, known_hosts isn't exactly trusted input, since it's usually
> composed of the keys you first encounter

If someone accepts keys without checking them, he cannot be helped.

> without any additional
> checking, as opposed to (hopefully) correctly signed SSHFP records.

In fact, SSHFP is far less trustworthy than properly exchanged host keys (respectively fingerprints).

Anyone in the tree of the DNS down to the domain with your SSHFP RR has the potential power to forge such RR.

C.
Yegor Ievlev
2019-Feb-25 01:18 UTC
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Well, the most likely entity who can do that is your registrar, since it can change your nameservers and DS records.

On Mon, Feb 25, 2019 at 3:51 AM Christoph Anton Mitterer <calestyo at scientia.net> wrote:
>
> On Sat, 2019-02-23 at 22:23 +0300, Yegor Ievlev wrote:
> > Well, known_hosts isn't exactly trusted input, since it's usually
> > composed of the keys you first encounter
> If someone accepts keys without checking them, he cannot be helped.
>
>
> > without any additional
> > checking, as opposed to (hopefully) correctly signed SSHFP records.
> In fact, SSHFP is far less trustworthy, than properly exchanged host
> keys (respectively fingerprints).
>
> Anyone in the tree of the DNS down to the domain with your SSHFP RR has
> the potential power to forge such RR.
>
>
> C.
>
Gert Doering
2019-Feb-25 08:29 UTC
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Hi,

On Mon, Feb 25, 2019 at 01:51:16AM +0100, Christoph Anton Mitterer wrote:
> Anyone in the tree of the DNS down to the domain with your SSHFP RR has
> the potential power to forge such RR.

This is why you only trust SSHFPs if they are DNSSEC validated.

(Of course the sysadmin who maintains your SSHFP zone entries needs to be trusted, so you do not want to do this for zones hosted elsewhere.)

gert

--
"If was one thing all people took for granted, was conviction that if
you feed honest figures into a computer, honest figures come out. Never
doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de
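The policy argued in this thread, as an added example that is not code from OpenSSH or from any of the posters: an SSHFP record is only treated as evidence about a host key when the resolver reports the answer as DNSSEC-validated; an unvalidated answer is foreign input and is ignored. The host key line is a constructed dummy (not a real key) and the `dnssec_validated` flag stands in for the AD bit a validating resolver would return.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP field codes: key algorithm (RFC 4255, 6594, 7479) and fingerprint type.
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                    "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                    "ssh-ed25519": 4}
SSHFP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}

# Constructed sample host key line (not a real key): an ssh-ed25519 wire blob
# whose 32 key bytes are simply 0x00..0x1f, base64-encoded as ssh-keyscan prints it.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_HOST_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode()


def sshfp_for_key(pubkey_line, fp_type=2):
    """Return the SSHFP rdata ('alg fptype hexfingerprint') for a known_hosts-style key line."""
    keytype, blob_b64 = pubkey_line.split()[:2]
    digest = SSHFP_HASHES[fp_type](base64.b64decode(blob_b64)).hexdigest()
    return f"{SSHFP_ALGORITHMS[keytype]} {fp_type} {digest}"


def parse_sshfp(rdata):
    """Split SSHFP presentation format into (algorithm, fp_type, lowercase hex)."""
    alg, fp_type, fp_hex = rdata.split()
    return int(alg), int(fp_type), fp_hex.lower()


def host_key_matches_sshfp(pubkey_line, sshfp_rdatas, dnssec_validated):
    """Accept the presented host key only if a DNSSEC-validated SSHFP record matches it.

    dnssec_validated is the resolver's verdict (the AD bit of the answer); an
    unvalidated answer is treated as untrusted foreign input and never matches.
    """
    if not dnssec_validated:
        return False
    keytype, blob_b64 = pubkey_line.split()[:2]
    alg = SSHFP_ALGORITHMS.get(keytype)
    blob = base64.b64decode(blob_b64)
    for rdata in sshfp_rdatas:
        r_alg, r_type, r_fp = parse_sshfp(rdata)
        if r_alg != alg or r_type not in SSHFP_HASHES:
            continue  # other key algorithm or unknown hash: not evidence either way
        if hmac.compare_digest(SSHFP_HASHES[r_type](blob).hexdigest(), r_fp):
            return True
    return False
```

Even a validated match only tells you that whoever controls the zone (and, as noted upthread, the registrar and every parent zone) vouches for this key; it does not replace a fingerprint obtained out of band.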