[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH-1.5-OpenSSH-1.2.3 of debian 2.2 is secure?

On Wed, May 02, 2001 at 09:08:19PM +0200, Matteo S. wrote:
> Hello! I have a doubt. The current SSH1 in Debian 2.2 potato is secure?
> I have read that ssh2 implementation of openssh is better secure and the ssh1 is not secure. Is right?

ssh1 as a protocol is less secure then ssh2, but saying that ssh1 is
insecure in general is FUD, spread alot by SSH Inc. who would like you
to pay them $$ for thier non-free product.   

debian has backported security fixes for all the holes found in ssh1
daemons.  the only thing they have not backported a fix for is the ssh
traffic analysis. however this `vulnerability' is nearly impossible to
exploit sucessfully, and even when done still gets the attacker very

the way it works basically is watching encrypted packets go back and
forth between two ssh connected machines, when the user runs su or
some other password prompting utility the attacker can notice more
packets going in one direction but not getting the same number echoed
back. this is because su does not echo each character as its typed
like a shell.  in thoery the attacker may be able to guess
approxamatly how many characters a password has. there is NOT a
vulnerability allowing the attacker to decrypt or sniff the
connection.  ssh2 eliminates this by sending bogus noop packets back
and forth that both sides simply ignore and throw away. this makes it
impossible for someone watching the encrypted packets go by to make
any guesses about what is happening in the session.  

IMO this is not something to lose sleep over.  

the other thing you may have heard about is the so called man in the
middle attack.  this is not a bug or flaw in ssh rather a flaw in the
user. the only way a man in the middle attack can suceed with ssh is
if the user either ignores ssh's screaming warning of mismatched host
keys, or does not take any steps to verify that a new host key they
accept from a new machine really belongs to that machine. 

Ethan Benson

Attachment: pgpMIhBVwLcCH.pgp
Description: PGP signature

Reply to: