[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#618863: /usr/bin/ssh: insecurely verifies host key with VerifyHostKeyDNS option

Package: openssh-client
Version: 1:5.5p1-6
Severity: normal
File: /usr/bin/ssh
Tags: upstream

When the VerifyHostKeyDNS option is used, ssh attempts to verify unknown
remote host keys by looking up SSHFP records in DNS. It relies on the AD
(Authentic Data) flag in the response to determine whether the fingerprint
it receives has been cryptographically verified by the resolver (i.e. with
DNSSEC) and if so, may rely on the matching host key with no further

This is insecure because ssh has no guarantee the communication between
the local (stub) resolver and an external recursive resolver which does the
cryptographic validation has not been tampered with. An attacker could
easily forge a response to the local resolver with the AD flag set.

Even if the communication could be guaranteed to be secure, relying on the
AD flag is wrong for another reason: a recursive resolver which also
happens to be authoritative for a zone is not required to check the
validity of its authoritative answers or set the AD flag in such responses.
(It will, however, set the AA flag.) [See RFC 3655 sec. 2.2]

I'm not aware of a means by which applications can securely determine
the cryptographic validity of answers to DNS queries short of performing
their own validations.

A patch to perform local DNSSEC validation for all ssh DNS lookups is
apparently included as part of DNSSEC-Tools:


I would recommend that upstream consider integrating local DNSSEC
validations for all DNS lookups, and not rely on the AD flag at all.

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'squeeze-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.38 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser     3.112+nmu2                   add and remove users and groups
ii  debconf [de                     Debian configuration management sy
ii  dpkg                    Debian package management system
ii  libc6       2.11.2-11                    Embedded GNU C Library: Shared lib
ii  libedit2    2.11-20080614-2              BSD editline and history libraries
ii  libgssapi-k 1.8.3+dfsg-4                 MIT Kerberos runtime libraries - k
ii  libssl0.9.8 0.9.8o-4squeeze1             SSL shared libraries
ii  passwd      1: change and administer password and
ii  zlib1g      1:             compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-client suggests:
ii  keychain                      2.6.8-2    key manager for OpenSSH
pn  libpam-ssh                    <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- no debconf information

Reply to: