[CLUE-Tech] ssh using RSA authentication?

Todd Williams hp205ctl at hotpop.com
Sat Nov 30 11:35:57 MST 2002


David Anselmi wrote:
 > Todd Williams wrote:
 > [...]
 >
 >> This will force your ssh to only use ssh v2 - ssh v1 has known
 >> exploits that are actively being scanned for.
 >
 >
 > Hmm...  SSHv1 has a design flaw that makes insertion attacks possible
 > (though difficult).  Is that what you meant?

No - that is a difficult attack, and there is no known exploit code
in circulation.  There are a number of related attacks that require the
attacker to sniff traffic.  All are quite difficult, and only likely to
be used as last resort attacks by professionals.  Most systems will have
easier ways in...

 > I would not say that this vulnerability is being scanned for, since it
 > requires access to the tcp stream of a legitimate ssh connection.
 >
 > If you meant something else, could you elaborate?

     Name        CVE-2001-0144
     Description:
       CORE SDI SSH1 CRC-32 compensation attack detector allows remote
       attackers to execute arbitrary commands on an SSH server or client
       via an integer overflow.

This vulnerability was in all the ssh v1 implementations, and there is
exploit code available.  I see scans for ssh averaging about once a week
on several boxes whose firewalls I manage.
They appear to be automated.  On most boxes they hit the port once, then
go away.  One box has ssh v1 enabled.  On that one, they try several
more packets before leaving.

Since there are known weaknesses in the V1 protocol, why even leave it
enabled as a fallback?  All the current clients speak V2 - even Windoze
clients.

In many cases I use ssh to connect to servers located in corporate
facilities, where many people have physical access and could hang a
sniffer on the wire to look for things like root passwords.  With SSHv1
there are known (if difficult) ways to detect and recover passwords.
With SSHv2 the best known vulnerabilities allow an attacker with a
sniffer to narrow down the length of the password, which would simplify
brute force guessing.  With SSHv1 there are also ways to hijack a
session, possibly keeping it open for the attacker's use after the
originating user "closed" it.  May not give the attacker root, but it is
much easier to compromise a box and gain root once local access is
gained.  There are many local privilege escalation exploits, and they
are usually not as well protected against as remote exploits.

Todd Williams
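
An added example, not part of the original message: a check for whether sshd on hosts you administer still offers the v1 fallback discussed above, based on the identification line the server sends on connect (a protocol version of 1.99 means a v2 server that also accepts v1 clients, per RFC 4253). Host names and banners in SAMPLE are constructed, and the function names are this example's own.

```python
import re
import socket

# RFC 4253 identification string: SSH-protoversion-softwareversion[ SP comments]
_ID_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_banner(line):
    """Return (status, software) for one SSH identification line."""
    m = _ID_RE.match(line.strip())
    if not m:
        return ("not-ssh", None)
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        # 1.99 is how a v2 server announces that it still accepts v1 clients
        return ("v1-fallback-enabled", software)
    if major == 1:
        return ("v1-only", software)
    if major == 2:
        return ("v2-only", software)
    return ("unknown-version", software)

def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(20):  # servers may send other lines before the SSH- line
            raw = f.readline(256)
            if not raw:
                break
            text = raw.decode("ascii", "replace")
            if text.startswith("SSH-"):
                return text.strip()
    return ""

def audit(banners):
    """Map host -> status so anything that still speaks v1 stands out."""
    return {host: classify_banner(b)[0] for host, b in banners.items()}

# Constructed sample banners (not captured from real hosts)
SAMPLE = {
    "hostA": "SSH-2.0-OpenSSH_3.5p1\r\n",
    "hostB": "SSH-1.99-OpenSSH_3.4p1\r\n",
    "hostC": "SSH-1.5-1.2.27\r\n",
    "hostD": "220 mail ESMTP\r\n",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

To audit live hosts, pass `{h: read_banner(h) for h in hosts}` to `audit()`; any result other than `v2-only` means v1 is still reachable on that box.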




