Stajano's ssh & Man-in-Middle attacks
Fred (Please remove 1st f from my email)
ffma "at" doe.carleton.ca
Thu, 28 Feb 2002 11:59:07 +0000
Just to make it clear that I really don't know
this area, every time I refer to a public key
fingerprint below, I should have said RSA key
fingerprint. (That's what the ssh program
asks to confirm).
Fred
--------------------------------------------------------------------------
Fred Ma
Department of Electronics
Carleton University, Mackenzie Building
1125 Colonel By Drive
Ottawa, Ontario
Canada K1S 5B6
ffma "at" doe.carleton.ca (Remove the 1st "f"!)
==========================================================================
"fred (Please remove 1st F from my email)" wrote:
> Further to the questions below, the reason why
> this is even a concern is because I use applications
> over VNC that asks for various passwords. Most of
> the time, the keystrokes echoed back are just "*",
> but anyone watching the information from server
> to viewer can't get the password. But what about
> the key strokes sent by the viewer to the server?
> My understanding is that they are not encrypted,
> since VNC only encrypts the password for the
> viewer's connection to the server. If all other
> keystrokes are unencrypted, then the caution
> below is certainly well warranted simply because
> you're typing your various other passwords for the
> world to see. If not, then the risk would be
> determined by the confidential nature of the work
> being done over the VNC connection.
>
> Fred
>
> "fred (Please remove 1st F from my email)" wrote:
>
> > Hi,
> >
> > I'm using the procedure of
> > http://www.uk.research.att.com/vnc/sshwin.html
> > When initiating the ssh connection, Stajano
> > suggests against blindly accepting the public key
> > fingerprint presented by the host computer at the
> > far end. He says that you should first physically
> > go to the computer at the far end and get the
> > public key fingerprint written on paper so that
> > you can confirm that you're connecting to the
> > right host rather than a pretender.
> >
> > This sometimes presents a problem because
> > the host I connect to is not always up. All of a
> > sudden I have to connect to a different host at
> > the far end, one for which I don't have the
> > public key fingerprint. I've telnetted into the
> > host, but then thought better of querying the
> > host for a public key fingerprint, since it would
> > be displayed over an insecure channel. It
> > would totally defeat the purpose of confirming
> > the host's public key fingerprint.
> >
> > Is this getting overly paranoid? How likely is
> > it that someone would be waiting right there
> > and right then to get the public key fingerprint
> > just to pretend to be the far-end host the next
> > time you connect? Would it be a reasonable
> > risk to query the host for its public key fingerprint
> > over an insecure telnet session, considering that
> > you never have to repeat the query and thus
> > never run the risk again?
> >
> > Fred
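As an added illustration, not code from this thread or from the ssh/VNC projects: the fingerprint ssh asks you to confirm is nothing more than a hash of the host's raw public-key blob, so the same value can be recomputed locally from a copy of the host's .pub file carried back in person, and then compared with what ssh shows at connect time. The RSA key below is constructed for the example (a tiny modulus, not a usable key) and the function names are my own.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """SSH mpint: big-endian, with a leading 0x00 if the top bit is set."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_rsa_public_key_line(e: int, n: int, comment: str = "constructed") -> str:
    """Encode an ssh-rsa key in the one-line form OpenSSH writes to a .pub file."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def key_blob(key_line: str) -> bytes:
    """The raw key blob is the second whitespace-separated field, base64 encoded."""
    return base64.b64decode(key_line.split()[1])

def algorithm_of(key_line: str) -> str:
    """First SSH string in the blob names the key type (e.g. ssh-rsa)."""
    blob = key_blob(key_line)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()

def fingerprint_md5(key_line: str) -> str:
    """The colon-separated MD5 fingerprint ssh clients of that era displayed."""
    digest = hashlib.md5(key_blob(key_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(key_line: str) -> str:
    """The SHA256 form (unpadded base64) newer OpenSSH prints instead."""
    digest = hashlib.sha256(key_blob(key_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_written_fingerprint(key_line: str, written: str) -> bool:
    """Compare the key ssh presented against the fingerprint copied in person.
    Accepts either fingerprint style; whitespace and case in the transcription
    are ignored. A mismatch means a different key, i.e. a possible pretender."""
    written = "".join(written.split()).lower()
    if written.startswith("sha256:"):
        return fingerprint_sha256(key_line).lower() == written
    return fingerprint_md5(key_line) == written

if __name__ == "__main__":
    key = build_rsa_public_key_line(65537, int("c0ffee" * 8, 16))  # constructed
    print(fingerprint_md5(key), fingerprint_sha256(key))
```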
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------