
| Subject: | Re: Need some education: Man-in-the-Middle Attacks |
|---|---|
| Date: | 30 Aug 2006 21:49:58 -0000 |
All,

Please pardon my naivete. I was looking at the diagram on the URL listed below and contemplating how host fingerprinting prevents MITM attacks.

http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html

So my question is this... Given the illustration in the URL above, what prevents Eve from *first* contacting Alice to obtain a fingerprint which then gets passed to Bob on the first connection attempt?
The host key fingerprint isn't actually passed between server and client. Instead, the server provides the entire public portion of the host key and the client generates the fingerprint using a hashing algorithm. The first time Bob (a client) attempts to connect to Alice (a server), Bob is responsible for validating the public portion of the host key. Typically Bob would compare the generated fingerprint to a fingerprint requested of Alice by some other means (e.g. phone conversation, secure web site, etc.).

During the initial setup of the SSH connection, the server is required to use its private portion of the host key to generate a signature. This signature is verified by the client using the public portion of the host key. Therefore, even if Eve (MITM/WITM) has the public portion of Alice's host key, Eve cannot successfully pretend to be Alice since Eve does not possess the private portion of Alice's host key which is required to generate a valid signature. Additionally, if Eve attempts to fool Bob by presenting a different host key, the fingerprint Bob generates will not match the fingerprint provided by Alice as described earlier.

You can find more "light reading" on the subject of MITM attacks related to SSH in section 9.3.4 of the SSH Protocol Architecture RFC: http://www.ietf.org/rfc/rfc4251.txt

There is also a white paper treating the topic of host keys that you might find useful: http://www.vandyke.com/solutions/host_keys/index.html

Does this information help clarify?

--Jake
Jake Devenport
VanDyke Software Technical Support
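The client-side fingerprint step described in the reply, as an added Python example that is not part of the thread or of VanDyke's software: the client receives the full public key blob, derives the fingerprint locally, and compares it with one obtained out of band. The host keys are constructed placeholder bytes, not real keys, and the signature check (the second defence in the reply) is not modelled here.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 length prefix + bytes)."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw32: bytes) -> bytes:
    """Wire-format public key blob as sent by the server: type string + key bytes."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)

def public_key_line(raw32: bytes, comment: str) -> str:
    """OpenSSH one-line form: '<type> <base64 blob> <comment>'."""
    return "ssh-ed25519 " + base64.b64encode(ed25519_blob(raw32)).decode() + " " + comment

def parse_public_key_line(line: str) -> bytes:
    """Extract the raw blob and check the declared type matches the blob's leading string."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type mismatch")
    return blob

def fingerprints(blob: bytes) -> dict:
    """Fingerprints derived locally from the public key, never received from the peer."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "SHA256": "SHA256:" + sha,
    }

def verify_host_key(presented_line: str, expected_fp: str) -> bool:
    """First-connection check: locally computed fingerprint vs. one obtained out of band."""
    fps = fingerprints(parse_public_key_line(presented_line))
    algo = expected_fp.split(":", 1)[0]
    return hmac.compare_digest(fps.get(algo, ""), expected_fp)

# Constructed placeholder key bytes (not real keys): Alice's host key and Eve's substitute.
ALICE_KEY = bytes(range(32))
EVE_KEY = bytes(range(32, 64))
ALICE_LINE = public_key_line(ALICE_KEY, "alice-host")
EVE_LINE = public_key_line(EVE_KEY, "alice-host")  # same comment, different key
ALICE_FP_OUT_OF_BAND = fingerprints(ed25519_blob(ALICE_KEY))["SHA256"]  # e.g. read over the phone
```

Because the fingerprint is a function of the key blob alone, a key that merely carries Alice's comment does not match, while Alice's key matches regardless of how the line is labelled.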