Re: File transfer using ssh

To: debian-security@lists.debian.org
Subject: Re: File transfer using ssh
From: Hubert Chan <hackerhue@geek.com>
Date: 24 Aug 2001 23:12:11 -0600
Message-id: <[🔎] 87k7zsradw.fsf@hackerhue.ddts.net>
In-reply-to: <[🔎] 20010824203439.H6503@llama.nslug.ns.ca>
References: <[🔎] 35B49DB2B21CD311B7080008C7D9E8EB3C267F@FILEANDMAIL> <[🔎] 20010823155414.G26003@topic.com.au> <[🔎] 005d01c12ba1$96971fa0$47c332c3@estnet.ee> <[🔎] 20010823170847.I26003@topic.com.au> <[🔎] 20010823095043.B23465@nepomuk.matrix.uni-duisburg.de> <[🔎] 20010823181303.B16409@topic.com.au> <[🔎] 20010823150851.A23687@linuxasylum.net> <[🔎] 20010824203439.H6503@llama.nslug.ns.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Peter" == Peter Cordes <peter@llama.nslug.ns.ca> writes:

Peter>  It is secure when you have put the public key on the remote
Peter> machine already. SSH is only vulnerable to man-in-the-middle when
Peter> you first connect to a host, and accept the host-key.

Don't you mean "when you have put the public key on the *local* machine
already"?  i.e. you have a local copy of the server's public key?
AFAIK, putting a copy of your personal public key on the server doesn't
really gain you much.

Perhaps you were just typing too fast, because your next sentence
confirms that you want to have the remote's public key on your local
machine.

And just to nitpick, ssh is also vulnerable to man-in-the-middle if you
just blindly accept host key changes (although most recent ssh versions
severely discourage such behaviour).

- -- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7hzOoZRhU33H9o38RAoWQAJ0b/ROjvq9iLxx18H0C6ZEAiexWjgCgt4CK
id2MXEC7iu4moTtjz9K8gmU=
=Y2Eh
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: File transfer using ssh
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- RE: File transfer using ssh
  - From: Curt Howland <curt@blue-edge-tech.com>
- Re: File transfer using ssh
  - From: Jason Thomas <jason@topic.com.au>
- Re: File transfer using ssh
  - From: "Jaan Sarv" <jaan@sarv.ee>
- Re: File transfer using ssh
  - From: Jason Thomas <jason@topic.com.au>
- Re: File transfer using ssh
  - From: Philipp Schulte <pschulte@uni-duisburg.de>
- Re: File transfer using ssh
  - From: Sam Couter <sam@topic.com.au>
- Re: File transfer using ssh
  - From: Samu <samu@linuxasylum.net>
- Re: File transfer using ssh
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: UP2DATE
Next by Date: Re: Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)
Previous by thread: Re: File transfer using ssh
Next by thread: Re: File transfer using ssh
Index(es):
- Date
- Thread