SSH key spoofing
Ringo Kamens
2600denver at gmail.com
Wed Jan 3 08:54:43 UTC 2007
Wouldn't constantly changing ssh keys make it more secure?
On 1/2/07, Mike Perry <mikepery at fscked.org> wrote:
> Deliberately breaking threading so this doesn't fall through the
> cracks.
>
> Thus spake Robert Hogan (robert at roberthogan.net):
>
> >
> > Got this when testing an ssh connection:
> >
> > WARNING: DSA key found for host shell.sf.net
> > in /home/robert/.ssh/known_hosts:8
> > DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
> > The authenticity of host 'shell.sf.net (66.35.250.208)' can't be
> established
> > but keys of different type are already known for this host.
> > RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
> > Are you sure you want to continue connecting (yes/no)? no
> >
> >
> > Tor first attempted to attach a circuit with toxischnet as it's exit. This
> > didn't work, so it then used tormentor. I then got the above.
> >
> > I subsequently used both toxischnet and tormentor to connect without any
> key
> > authentication issues. The RSA fingerpint is not listed by sourceforge.
> >
> > http://sourceforge.net/docs/G04/en/#fingerprintlist
> >
> > Malice? Misconfiguration of some sort? Anyone care to test either of these
> > exits?
>
> Hrmm.. My scanner seems to be getting hung on some bug (possibly one
> that I'm tickling in Tor or possibly my own), so I haven't seen this
> during automatic scanning yet, but I can confirm manually that
> tormentor IS in fact regularly changing ssh keys. It should be
> delisted as an exit ASAP.
>
> toxischnet is currently hibernating, so its hard to say on that one.
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>
More information about the tor-talk
mailing list