Re: AAARRRGGHHH! Re: OT: security of ssh/RSAAuthentication
Markus Friedl wrote:
> > It is. Look at the current dsniff (http://www.monkey.org/)
>
> this is not at all related to RSAAuthentication.
> dsniff's MITM applies to the authentication of the SERVER to the USER.
That's it. And it assumes that nearly everyone will disregard the warning you
get when the host key was changed.
> > > version 1 which appears to have a small window that
> > > allows anyone (in the proper position) to catch the
> > > session and snoop on it (so far goes my reading of
> >
> > Even if you can snoop around and even if you can guess sequence numbers, you
> > don't have the session key.
>
> what sequence numbers?
TCP. I mean, if you sniff ssh traffic like telnet or try to hijack an ssh
TCP stream you won't be able to decipher it.
> > But, you're right: If you use ssh-agent and someone takes over your X session,
> > there will be such an effect. So, that's the reason why I don't use X over the
> > network but rather through an ssh tunnel.
>
> how is the ssh-agent related to the X session?
O.K., maybe many people use it without X, but I do. Sorry for the generalization.
ssh-agent can be used to make private keys temporarily "un-passworded", so
this raises the likelihood of someone using your identity, logging in on other
servers from known_hosts and so on...
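
An added example, not part of the original message or of any SSH implementation: the check behind the "host key changed" warning discussed above, written so that a changed key is a distinct verdict a wrapper script can refuse on instead of a prompt a user can click through. The host names, keys and salt are constructed sample data, and wildcard patterns and `@` marker lines are deliberately not handled.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1| hashed) names host."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))
        _, _, salt_b64, hash_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(digest, base64.b64decode(hash_b64))
    return host in field.split(",")  # assumption: no wildcard/negation patterns

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    seen_other = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":  # comments and marker lines skipped
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] != keytype:
            continue  # simplification: only entries of the same key type count
        if host_matches(fields[0], host):
            if fields[2] == key_b64:
                return "match"
            seen_other = True
    return "changed" if seen_other else "unknown"

def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, for comparison over another channel."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample data (not real keys or hosts).
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
_salt = b"constructed-salt-20b"
_hashed = "|1|{}|{}".format(
    base64.b64encode(_salt).decode(),
    base64.b64encode(hmac.new(_salt, b"db.example.org", hashlib.sha1).digest()).decode())
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "shell.example.org,192.0.2.10 ssh-rsa " + KEY_A,
    _hashed + " ssh-rsa " + KEY_A,
])

if __name__ == "__main__":
    for host, key in [("shell.example.org", KEY_A), ("db.example.org", KEY_B),
                      ("new.example.org", KEY_B)]:
        print(host, check_host_key(SAMPLE, host, "ssh-rsa", key), fingerprint(key))
```

A wrapper that aborts on `changed` and requires an out-of-band fingerprint comparison on `unknown` removes the dependence on users reading the warning.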