
| Subject: | Re: Host keys after cloning |
|---|---|
| Date: | Tue, 31 Aug 2004 11:50:37 +0200 |
Hello Ugo,

Thursday, August 26, 2004, 8:56:26 PM, you wrote:

UB> I just cloned a server to save install time, but now I realize that
UB> the ssh host key is the same for every server. That makes sense since I
UB> cloned them, but I was wondering if that was insecure, and how to
UB> regenerate them.

There was a minor discussion on this a while ago. I don't remember how much of it was private and how much public, but the summary is: If somebody gets the key from one, they have the key for all.

We concluded that the only real use for the host key was to enable undetectable MITM attacks. This would be against all of the boxes, not just the one they got it from. It would also make bruteforce decryption easier, but still not so easy it would make much of a difference. (There's the host key and a 'key of the hour' which both will have to be cracked to decrypt the content of a sniffed connection.)

That said, there's no particular reason to use the same key. Even the slighter weakness to MITM attacks is a reason not to.

--
Best regards,
Marius mailto:mahuja@c2i.net
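A fleet check for the cloned-key situation discussed in this message, as an added example that is not part of the original post: it groups hosts by host-key fingerprint and reports any key served by more than one machine. It assumes input in the `host keytype base64-blob` format that `ssh-keyscan` prints; the host names and key blobs below are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan output format: "host keytype base64-blob".
# The blobs are placeholders, not real host keys.
SAMPLE_SCAN = """\
# web1.example.test:22 SSH-2.0-OpenSSH
web1.example.test ssh-ed25519 QUFBQWNsb25lZC1pbWFnZS1rZXk=
web2.example.test ssh-ed25519 QUFBQWNsb25lZC1pbWFnZS1rZXk=
db1.example.test ssh-ed25519 QUFBQXVuaXF1ZS1rZXktZGIx
web3.example.test,192.0.2.13 ssh-ed25519 QUFBQWNsb25lZC1pbWFnZS1rZXk=
"""


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys served by 2+ hosts."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and ssh-keyscan banner comments
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        names, keytype, blob = fields[0], fields[1], fields[2]
        try:
            fp = fingerprint(blob)
        except ValueError:
            continue  # blob is not valid base64
        # Use the first name only, so "host,ip" aliases count as one machine.
        hosts_by_key[(keytype, fp)].add(names.split(",")[0])
    return {k: sorted(h) for k, h in hosts_by_key.items() if len(h) > 1}


if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by: {', '.join(hosts)}")
```

On each host it reports, deleting the `/etc/ssh/ssh_host_*` key files, running `ssh-keygen -A` and restarting sshd gives the machine fresh keys. Clients will then see a changed-host-key warning until their `known_hosts` entries are updated.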