[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user

Dominic Hargreaves dom at earth.li
Mon May 19 14:45:17 UTC 2008


On Mon, May 19, 2008 at 10:40:18AM -0400, Anthony DeRobertis wrote:
> On Mon, May 19, 2008 at 09:58:20AM +0100, Dominic Hargreaves wrote:
> > Deleting a known_hosts file containing weak keys will not gain you any
> > security (rather, it'll lose you security unless you rigorously check
> > all the fingerprints of the host keys that used to be stored there).
> 
> Correct me if I'm wrong, but there really isn't much of a security
> difference between just saying "yes" to the prompt and trusting the weak
> key to verify the host. Well, other than that when you say "yes", at
> least you know that you're trusting w/o any verification.
> 
> I'd suggest that OpenSSH should refuse to connect to a host with a
> compromised host key. Or at least put up a message no less scary than
> the man-in-the-middle one.

I'm not disagreeing with any of that. But deleting the *whole*
known_hosts file is (to use an English idiom) throwing the baby out with
the bathwater -- i.e. solving the problem in a rather crude and
over-the-top way.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
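
The selective alternative to deleting the whole known_hosts file, as an added example that is not part of the original message or of ssh-vulnkey: it removes only the entries whose key fingerprint is in a given set of weak fingerprints and keeps every other line. The function names, sample entries and fingerprint set are constructed for illustration; a real run would take the fingerprints from the weak-key list you trust.

```python
import base64
import hashlib

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 fingerprint of a base64 public-key blob."""
    digest = hashlib.md5(base64.b64decode(b64_blob, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def prune_known_hosts(lines, weak_fingerprints):
    """Split known_hosts lines into (kept, removed).

    Only entries whose key fingerprint is in weak_fingerprints are removed;
    comments, blank lines and lines that do not parse are kept untouched.
    """
    kept, removed = [], []
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            kept.append(line)
            continue
        # An optional marker (@cert-authority, @revoked) shifts the fields by one.
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            kept.append(line)
            continue
        try:
            fp = md5_fingerprint(fields[2])
        except ValueError:  # not base64, e.g. an old protocol 1 entry
            kept.append(line)
            continue
        (removed if fp in weak_fingerprints else kept).append(line)
    return kept, removed

# Constructed sample data: the "keys" are placeholder bytes, not real keys.
WEAK_BLOB = base64.b64encode(b"constructed-weak-key-material").decode()
GOOD_BLOB = base64.b64encode(b"constructed-good-key-material").decode()
SAMPLE = [
    "# constructed sample known_hosts",
    "weak.example.org ssh-rsa " + WEAK_BLOB,
    "good.example.org,192.0.2.10 ssh-rsa " + GOOD_BLOB,
    "|1|c2FsdA==|aGFzaA== ssh-rsa " + WEAK_BLOB,  # hashed host name, same weak key
]
WEAK = {md5_fingerprint(WEAK_BLOB)}
KEPT, REMOVED = prune_known_hosts(SAMPLE, WEAK)
```

Matching on the key rather than the host name means hashed entries are caught as well, and the removed list tells you which hosts need their new key verified out of band.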
