Re: Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)

To: Vincent Lefevre <vincent@vinc17.net>, 807239@bugs.debian.org
Cc: Russ Allbery <rra@debian.org>, debian-ssh@lists.debian.org
Subject: Re: Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 9 Dec 2015 17:26:08 +0000
Message-id: <[🔎] 20151209172608.GM2181@riva.ucam.org>
Mail-followup-to: Vincent Lefevre <vincent@vinc17.net>, 807239@bugs.debian.org, Russ Allbery <rra@debian.org>, debian-ssh@lists.debian.org
In-reply-to: <[🔎] 20151209154431.GA20210@cventin.lip.ens-lyon.fr>
References: <20151206154835.GA9931@zira.vinc17.org> <[🔎] 20151209011610.GA14304@zira.vinc17.org> <[🔎] 87d1ug5jhk.fsf@hope.eyrie.org> <[🔎] 20151209090632.GC24069@zira.vinc17.org> <[🔎] 20151209151844.GL2181@riva.ucam.org> <[🔎] 20151209154431.GA20210@cventin.lip.ens-lyon.fr>

On Wed, Dec 09, 2015 at 04:44:31PM +0100, Vincent Lefevre wrote:
> On 2015-12-09 15:18:44 +0000, Colin Watson wrote:
> > On Wed, Dec 09, 2015 at 10:06:32AM +0100, Vincent Lefevre wrote:
> > > According to what is documented, this appears to be related to
> > > host key checking: the error mesage is "no matching *host key*
> > > type found" and the option name is HostKeyAlgorithms. In what
> > > way it could be insecure in the case where the user doesn't have
> > > the key in the ~/.ssh/known_hosts file?
> > 
> > Weak host keys make it easier to conduct man-in-the-middle attacks.
> 
> My point is that with StrictHostKeyChecking = no and no keys for
> the host in ~/.ssh/known_hosts, there is no host authentication,
> so that a man-in-the-middle attack is already possible, even if
> the server provides a strong key. Thus whether a weak host key
> is provided by the server or not in this case shouldn't matter.

With StrictHostKeyChecking=yes/ask, it still weakens trust-on-first-use.
With StrictHostKeyChecking=no, I can somewhat see your point (although
there would at least be a visual indication if a different host key were
presented); but I doubt that it's worth continuing to support otherwise
obsolescent cryptography just for that case.

Put another way: it'd be quite peculiar and confusing to send different
server_host_key_algorithms in the client's SSH_MSG_KEXINIT packet
depending on the value of StrictHostKeyChecking.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Re: lftp: can no longer connect with sftp (no matching host key type found)
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: lftp: can no longer connect with sftp (no matching host key type found)
  - From: Russ Allbery <rra@debian.org>
- Re: lftp: can no longer connect with sftp (no matching host key type found)
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)
  - From: Colin Watson <cjwatson@debian.org>
- Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)
Next by Date: Accepted openssh 1:7.1p1-2 (source amd64 all) into unstable, unstable
Previous by thread: Bug#807239: lftp: can no longer connect with sftp (no matching host key type found)
Next by thread: Accepted openssh 1:7.1p1-2 (source amd64 all) into unstable, unstable
Index(es):
- Date
- Thread