
Re: Ssh security hole?




Tatu Ylonen writes:
> (I'll forward your message to a couple of lists where it might be
> of interest; the original message is at end.)
> 
> I think you are right in your analysis.  There is indeed a problem
> with RSA authentication.  Basically what this means is that if you log
> into a corrupt host, that host can at the same time log into another
> host with your account (by fooling you into answering the request)
> provided that you use the same RSA identity for both hosts.
> 
> A workaround is to use a different identity for each host you use.
> The default identity can be specified on a per-host basis in the
> configuration file, or by -i options.

Might I suggest that a better solution would be to adapt the station
to station protocol, or, even better, Photuris...

.pm
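
A check for the per-host identity workaround quoted above, added here as an example and not part of the original messages: it reads client configuration text and reports every identity that more than one host would be offered. The sample configuration, host names, and the `DEFAULT_IDENTITY` label are constructed; it assumes each `Host` line names literal hosts (no wildcard matching) and treats a host with no `IdentityFile` as using the shared default identity.

```python
import re
from collections import defaultdict

DEFAULT_IDENTITY = "(default identity)"  # label for hosts with no IdentityFile line

# Constructed sample configuration, not taken from the original thread.
SAMPLE_CONFIG = """\
Host build.example.org
    IdentityFile ~/.ssh/id_build
Host mail.example.org
    IdentityFile ~/.ssh/id_shared
Host lab.example.org
    IdentityFile = ~/.ssh/id_shared
Host old.example.org
    User alice
Host new.example.org
    Port 22
"""

def identities_by_host(config_text):
    """Map each Host name to the set of IdentityFile paths configured for it."""
    hosts, current = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Key value" and "Key = value" forms.
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = value.split()
            for host in current:
                hosts.setdefault(host, set())
        elif key == "identityfile":
            for host in current:
                hosts[host].add(value)
    return hosts

def shared_identities(config_text):
    """Return {identity: sorted hosts} for identities used by more than one host."""
    users = defaultdict(set)
    for host, idents in identities_by_host(config_text).items():
        for ident in idents or {DEFAULT_IDENTITY}:
            users[ident].add(host)
    return {ident: sorted(h) for ident, h in users.items() if len(h) > 1}

if __name__ == "__main__":
    for ident, hosts in shared_identities(SAMPLE_CONFIG).items():
        print(f"{ident} is offered to: {', '.join(hosts)}")
```

Any identity it reports is one where a corrupt host in the list could relay the authentication request to the others, which is the case the workaround is meant to remove.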