On 8/29/06, Christ, Bryan wrote:
I was looking at the diagram on the URL listed below and contemplating
how host fingerprinting prevents MITM attacks.
http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
So my question is this... Given the illustration in the URL above, what
prevents Eve from *first* contacting Alice to obtain a fingerprint which
then gets passed to Bob on the first connection attempt?
On the first connection, it doesn't help and SSH is vulnerable to the
MITM attack. The link above mentions this, but doesn't really draw
your attention to it. ;-)
However, SSH stores the host key in the "known_hosts" file so it
doesn't need to ask for it on subsequent connection attempts. The SSH
protocol has a mechanism whereby the client sends something (its
"challenge") encrypted with the public key for that server. The
server decrypts it and sends an appropriate "response" back to the
client. This lets the client know for certain that the server is the
same one as recorded in known_hosts. The MITM can't decrypt the
challenge so it doesn't know how to respond.
I've simplified this quite a bit, but I hope this is enough to answer
your question without getting too confusing. ;-)
This may also help:
http://en.wikipedia.org/wiki/Challenge-response_authentication
-- Steve
