Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh))
To: None <tls@rek.tjls.com>
From: Johan A. van Zanten <johan@ewranglers.com>
List: netbsd-users
Date: 03/14/2002 16:07:32
---In message <20020314192203.GA15453@rek.tjls.com>

On Thu, Mar 14, 2002 at 03:49:39AM -0500, Brian A. Seklecki wrote: 
>> *) Almost every security advisory related to OpenSSH prior to the recent
>> 'off-by-one' and zlib linking issues were related to weaknesses in the
>> version 1 protocol.  Even the original ssh developers @cs.hut.fi and
>> ssh.com recommend exclusive use of protocol 2 (mailing list posts, etc.)

tls@rek.tjls.com replied:
>Uh, I'm sorry, but that's just plain false.  There is one fundamental
>vulnerability in the version 1 protocol that's been discovered, ever (and
>it's pretty darned obvious!): the use of a CRC instead of a cryptographic
>checksum.

My understanding is that the CRC-related vulnerability that received wide
press allows (under perhaps unusual or now more difficult conditions)
insertion of data into the data stream.

 However, I believe that there is another, different vulnerability in
v1.5 of the SSH protocol related to key exchange, when the host key for the
server is not known. (The Monkey-in-the-Middle attack.) Please see
http://www.monkey.org/~dugsong/dsniff/ for information and a tool itself
to take advantage of the vulnerability.

 So this would indicate that there are two fundamental vulnerabilities in
the version 1 (1.5) protocol.

 --johan
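The CRC point raised in the quoted reply, shown as an added example (this is not code from the thread or from OpenSSH): CRC-32 is affine over XOR, so a record's checksum can be fixed up to match an XOR change without knowing the record, whereas a keyed checksum (an HMAC, as protocol 2 uses) cannot. The record, the key and the "v1" to "v2" change are constructed for the example.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key for this added example (not from the thread).
MESSAGE = b"SSH protocol v1 record"
KEY = b"constructed-shared-secret"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_tag(data: bytes) -> int:
    # CRC-32 as the integrity check, the role it played in SSH protocol 1.
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(data: bytes) -> bytes:
    # A keyed cryptographic checksum; protocol 2 uses an HMAC for this role.
    return hmac.new(KEY, data, hashlib.sha256).digest()


def fixup_crc_for_xor(old_tag: int, delta: bytes) -> int:
    # CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of len(d)).
    # Nothing on the right-hand side depends on m, so whoever can XOR bits into
    # the stream can keep the CRC valid without ever seeing m. That is why a
    # CRC is not a cryptographic checksum.
    return old_tag ^ crc_tag(delta) ^ crc_tag(bytes(len(delta)))


def modification_delta() -> bytes:
    # Constructed change: turn "v1" into "v2" and leave every other byte alone.
    start = MESSAGE.index(b"v1")
    patch = xor_bytes(b"v1", b"v2")
    return bytes(start) + patch + bytes(len(MESSAGE) - start - len(patch))


def modified_message() -> bytes:
    return xor_bytes(MESSAGE, modification_delta())


def crc_accepts_blind_change() -> bool:
    # True: the fixed-up tag equals the CRC of the altered record.
    forged = fixup_crc_for_xor(crc_tag(MESSAGE), modification_delta())
    return forged == crc_tag(modified_message())


def hmac_accepts_same_change() -> bool:
    # Without KEY the only tag available is the original one; it no longer verifies.
    return hmac.compare_digest(hmac_tag(MESSAGE), hmac_tag(modified_message()))
```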