On 4/10/07, Jithesh Kaveetil <[EMAIL PROTECTED]> wrote:
Consider this situation:
hostA is IP address is 1.2.3.4
known_hosts file in hostB has entry for hostA, as below:
hostA,1.2.3.4 ssh-rsa <key......>
From hostB, I execute
ssh [EMAIL PROTECTED]
Let us say, there is DNS spoofing and hence I get connected to a different host.
DNS is spoofed, you get a different IP address.
ssh will try to search in the known_hosts for an entry corresponding
to hostA. It tries to match the key found with what was given by the
remote end. There is key mismatch and user is informed.
In such a case, regular host name checking was enough to detect the
DNS spoofing. The IP address check did not even come into picture.
You are missing the step of comparing the IP address you are connecting
to with the IP address listed in the known_hosts for the hostA entry.
If at all, the remote end had the correct keys, then both host name
and IP address check would have passed. Here, the IP address check
does not give any additional security.
So with CheckHostIP yes, The key and the IP must match the hostA
entry in the known_hosts, not just the key.
In summary, I am not able to understand the additional benefits in
doing 'CheckHostIP'.
Your comments on this would really help.
regards,
-Jithesh
--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
