SSH Man-in-the-Middle Attack and Public-Key Authentication Method

最新推荐文章于 2024-05-02 22:08:13 发布
最新推荐文章于 2024-05-02 22:08:13 发布
阅读量1.1k 收藏
点赞数
文章标签: authentication ssh string algorithm server session

http://www.signedness.org/tools/

SSH is a protocol for secure remote login and other secure network services over insecure networks. To detect man-in-the-middle attacks SSH clients are supposed to check the host key of the server, for example by comparing it with a known good key. Should the client neglect to check the server key (or an attacker manage to steal the private key of the server) the connection becomes vulnerable to active man-in-the-middle attacks, according to RFC 4251, The Secure Shell (SSH) Protocol Architecture (section 4.1) and other resources.

The above statement is indeed true for password-based authentication. There are some tools implementing the attack, for example MITM-SSH. However, there are no tools implementing MITM against an SSH connection authenticated using public-key method (this feature is in TODO list of the above mentioned tool though). Being pressed to produce a PoC for this attack, I have attempted to implement it only to discover it is quite impossible and here is why.

During SSH connection setup the peers use Diffie-Hellman to generate encryption keys and a session ID. We assume that MITM attacker has already managed to circumvent the server host key validation and tricked the peers into establishing the connection. Effectively, there are two connections: first between the client and the attacker, and second between the attacker and the server. In case of password authentication the game is over: the attacker can see the password sent by the client, relay it to the server, and basically do whatever he or she wants.

The things are a bit more complicated in case of the public key authentication method. The client uses its private key to generate a signature and submits the signature to the server. RFC 4252, The Secure Shell (SSH) Authentication Protocol (section 7) tells us exactly how the signature is generated:

   To perform actual authentication, the client MAY then send a
   signature generated using the private key. ... The signature is sent
   using the following packet:

      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication
      string    signature

   The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:

      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication

Now the attacker has a problem, as the client and the server have different ideas about what session identifier is supposed to be. Obviously, the server will reject the signature supplied by the client and public-key authentication will fail.

The session identifier is calculated based on (among other things) the shared secret negotiated by the peers using Diffie-Hellman algorithm. The algorithm itself does not protect against active MITM attack, but it makes it impossible for MITM attacker to influence the choice of the shared key (and by extension the session ID) by the victims.

So public-key authentication has somewhat unexpected side effect of preventing MITM. Nice to know.

Bookmark/Search this post with
cnbird2008
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Man-in-the-middle attack
雜貨鋪
03-05 2117
原文地址:https://en.wikipedia.org/wiki/Man-in-the-middle_attack   Man-in-the-middle attack From Wikipedia, the free encyclopedia Jump to: navigation, search Not to be confused with Meet-
中间人攻击(Man-in-the-middle attack 缩写:MITM)
哎一入江湖岁月催的专栏
11-03 6199
中间人攻击主要指攻击者在通讯的两端创建独立连接,交换获得数据,可能会对数据进行拦截,篡改,伪造,致使两端的通讯者以为双方的连接是私密连接。 我们用两个场景了解一下中间人攻击: 第一个场景是这个中间人谎称自己是国际象棋大师,然后就会由很多的挑战者,这是一个互联网时代,完全可以在线同时进行棋艺切磋。 然后就出现了下图的情况: 这个中间人在这两盘棋中肯定能够赢取一盘,这样某一大师肯定就认可这...
关于 someone could be eavesdropping on you right now (man-in-the-middle attack) ssh的解决办法
weixin_30868855的博客
04-16 860
关于 someone could be eavesdropping on you right now (man-in-the-middle attack) ssh的解决办法 记录工作中遇到的问题   someone could be eavesdropping on you right now (man-in-the-middle a...
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right no
fdsjiaoDoctor的博客
03-10 2400
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eaves
linux中远程连接(如SSH)出现someone could be eavesdropping on you right now的解决办法
多多米开发
07-26 1万+
今天用SSH连接我的远程主机,出现了以下错误:IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-midd
ssh连接报错解决
weixin_34007879的博客
09-30 839
今天从一台服务器ssh远程连接另一台服务器时报错,如下: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-middle att...
解决Ssh/Scp报错:Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)!
YunWisdom
07-04 3706
解决SSH/Scp报错:Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)! 主要现象:ssh/scp 失败,host key verification failed. # scp /home/iso/********.iso root@192.168.1.***:/home/ ...
Someone could be eavesdropping on you right now
海洋专栏
12-20 295
具体报错如下: + ssh -t -t -i /home/tool/myh.pem centos@52.24.23.121 rm -rf /ROOT/www/vue/static @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHAN...
好记心不如烂笔头,ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题
热门推荐
KimSoft's Blog
09-06 12万+
ssh登录一个机器(换过ip地址),提示输入yes后,屏幕不断出现y,只有按ctrl + c结束   错误是:The authenticity of host 192.168.0.xxx can't be established.   以前和同事碰到过这个问题,解决了,
基于JAVA实现的WEB端UI自动化 - WebDriver框架篇 - ant使用 - ant调用email 自动发送邮件
最新发布
2401_84002271的博客
05-02 986
即使是面试跳槽,那也是一个学习的过程。只有全面的复习,才能让我们更好的充实自己,武装自己,为自己的面试之路不再坎坷!今天就给大家分享一个Github上全面的Java面试题大全,就是这份面试大全助我拿下大厂Offer,月薪提至30K!我也是第一时间分享出来给大家,希望可以帮助大家都能去往自己心仪的大厂!为金三银四做准备!
使用public key来做SSH authentication
weixin_34241036的博客
05-30 561
public key authentication(公钥认证)是对通过敲用户名、密码方式登录服务器的一种替代办法。这种方法更加安全更具有适应性,但是更难以配置。 传统的密码认证方式中,你通过证明你你知道正确的密码来证明你是你。证明你知道密码的唯一方式是你告诉服务器密码是什么。这意味着如果服务器被黑掉,或者欺骗,那么一个黑客攻击者就能学习到你的密码。 Public key authenticat...
ssh登录远程主机报错:Someone could be eavesdropping on you right now (man-in-the-middle attack)!
lvhdbb的博客
07-22 2万+
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eaves...
ssh远程连接主机报错:Someone could be eavesdropping on you right now (man-in-the-middle attack)!
Imagine Miracle的博客
06-29 3688
ssh连接报错 imaginemiracle:ubuntu_pk$ ssh imaginemiracle@192.168.10.133 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS PO
python ssh批量登录 自动交互
Man_In_The_Night的博客
12-11 4109
用python来ssh远程登录,如果用os.system('commod'),结果就是人机互动,跟不用也没啥区别。 百度发现,可以用pexpect模块来实现自动交互。 # import os #os.system('ping localhost') #import subprocess import pexpect def ssh_cmd(ip, passwd): #a = os.s
SSH2 “MITM” like attack with JMITM2
cnbird's blog
08-05 903
First: the following attack is not a real (at least not a perfect) man-in-the-middle attack, since the target will get a warning about the altered SSH server footprint and the attacker needs to “hijac
linux之 ssh连接服务器,WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
cuangu9341的博客
10-01 83
[root@zk01 ~]# ssh localhost @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HO...
好记心不如烂笔头,ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题...
weixin_34239169的博客
11-06 174
ssh登录一个机器(换过ip地址),提示输入yes后,屏幕不断出现y,仅仅有按ctrl + c结束   错误是:The authenticity of host 192.168.0.xxx can't be established.   曾经和同事碰到过这个问题,攻克了,没有记录,这次又碰到了不知道怎么处理,还好有QQ聊天记录,查找到一下,找到解决方式:   运行ssh  -...
【Geeker】中间人攻击(Man-in-the-MiddleAttack)
Catullus的博客
02-23 3688
相关文章: 中间人攻击(Man-In-The-Middle)&&Cain使用简介 中间人攻击·百度百科 中间人攻击·维基百科 Man-in-the-middle attack 中间人攻击 & 防御方式全解 Not signed i
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 解决办法
crazytire的博客
07-24 1328
本地ubuntu20.04通过ssh连接腾讯云云主机ubuntu20.04出现以下提示。将known_hosts文件删除就行了,看它的提示,文件位置在哪里,改成你的文件位置即可。敲yes就行了,然后输入你的密码即可。
ip sshd pwd-method authentication-list ssh
07-28
您提到的命令 "ip sshd pwd-method authentication-list ssh" 是用于配置 SSH 服务器的密码认证方式列表。该命令指定了使用 SSH 协议进行远程管理时的密码认证方式。 在该命令中,"authentication-list ssh" 指定了使用 SSH 连接时应用的密码认证方式列表。这意味着当用户尝试通过 SSH 连接到设备时,设备将按照列表中指定的顺序逐个尝试认证方式,直到找到匹配的方式或所有方式均失败。 如果要将回复切换为中文,请告诉我您需要了解的特定内容,我会用中文回答您的问题。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值