Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh))
To: Johan A. van Zanten <johan@ewranglers.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: netbsd-users
Date: 03/14/2002 16:14:10
On Thu, Mar 14, 2002 at 04:07:32PM -0500, Johan A. van Zanten wrote:
> 
> ---In message <20020314192203.GA15453@rek.tjls.com>
> 
> On Thu, Mar 14, 2002 at 03:49:39AM -0500, Brian A. Seklecki wrote: 
> >> *) Almost every security advisory related to OpenSSH prior to the recent
> >> 'off-by-one' and zlib linking issues were related to weaknesses in the
> >> version 1 protocol.  Even the original ssh developers @cs.hut.fi and
> >> ssh.com recommend exclusive use of protocol 2 (mailing list posts, etc.)
> 
> tls@rek.tjls.com replied:
> >Uh, I'm sorry, but that's just plain false.  There is one fundamental
> >vulnerability in the version 1 protocol that's been discovered, ever (and
> >it's pretty darned obvious!): the use of a CRC instead of a cryptographic
> >checksum.
> 
> My understanding is that the CRC-related vulnerability that received wide
> press allows (under perhaps unusual or now more difficult conditions)
> insertion of data into the data stream.
> 
>  However, I believe that there is another, different vulnerability in v
> 1.5 of the SSH protocol related to key exchange, when the host key for the
> server is not known. (The Monkey-in-the-Middle attack.) Please see

Uh, beg pardon, but there is a man-in-the-middle attack possible on *any*
protocol that uses public-key authentication, when the key for the other
end cannot be validated.  This is as true of SSHv2 as it is of SSHv1; it
could be overcome by using PKI but nobody has done that.

It would be foolish in the extreme to assume that using v2 protects you
against this _general vulnerability of public-key authentication systems_
when, in fact, it does not.  If you can't verify the other end's key, you
are vulnerable to a man-in-the-middle attack, period -- whether you can
use "dsniff" to exploit that vulnerability or not.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud
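
Added example, not part of the original message: a sketch of the host-key check the reply turns on, comparing an offered key against a pinned known_hosts entry and reporting the case where no trusted copy exists. The host names, the key blobs (constructed placeholder bytes, not real keys) and all function names are assumptions made for illustration.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map host -> {(keytype, fingerprint)} from plain known_hosts lines."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        # Simplification: comments, @markers and hashed (|1|...) hosts are skipped.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pins.setdefault(host, set()).add((keytype, fingerprint(blob)))
    return pins

def check_host_key(pins, host, keytype, offered_b64):
    """Return 'verified', 'mismatch' or 'unverifiable' for an offered host key."""
    pinned = {fp for kt, fp in pins.get(host, ()) if kt == keytype}
    if not pinned:
        # No trusted copy of the key: nothing separates the real server from
        # an interposed one, whichever protocol version is in use.
        return "unverifiable"
    return "verified" if fingerprint(offered_b64) in pinned else "mismatch"

def _blob(label):
    # Constructed placeholder bytes standing in for a key blob (not a real key).
    return base64.b64encode(label).decode()

REAL, OTHER = _blob(b"constructed-server-key"), _blob(b"constructed-other-key")
# Constructed known_hosts content; host names and address are examples.
PINS = parse_known_hosts(
    "# constructed sample\nshell.example.org,192.0.2.10 ssh-rsa %s\n" % REAL)

if __name__ == "__main__":
    for host, key in [("shell.example.org", REAL), ("shell.example.org", OTHER),
                      ("new.example.org", REAL)]:
        print(host, fingerprint(key), check_host_key(PINS, host, "ssh-rsa", key))
```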