mailing list archives
Re: sshd1 allows unencrypted sessions regardless of server policy
From: markus.friedl () INFORMATIK UNI-ERLANGEN DE (Markus Friedl)
Date: Wed, 15 Dec 1999 23:13:27 +0100
On Tue, Dec 14, 1999 at 02:35:05PM -0500, Michael H. Warfield wrote:
On Tue, Dec 14, 1999 at 04:43:32PM +0100, Markus Friedl wrote:
Because passphrase-less hostkeys are 'encrypted' with cipher "none"
the code for this cipher is always compiled into the programs. This
way the client is free to choose "none" and no server will complain.
AFAIK... The passpharse-less host keys are encrypted with 3-DES
and no password. [...]
Please look at the source.
E.g. ssh-1.2.12/authfile.c reads:
if (strcmp(passphrase, "") == 0)
cipher_type = SSH_CIPHER_NONE;
Older versions may have used a real cipher with key "".
Note also that SSH_CIPHER_NONE is also used for 'encryption' before
client and server have exchanged the session-key.
Many of you disagree with me and are saying that this cipher-none
issue is a non-issue.
But once more I like to point out that this a security problem in
a wider sense as it affects your security _policy_. If you decide
to remove telnet/rlogin and configure ssh with '--without-none' you
still have not disabled cleartext logins. This is not about
bufferoverflows or exploits, this is about your security _policy_,
so it is still a security issue.
Moreover, if a third party manages to replace the (unauthenticated)
server messages "I will accept only ciphers IDEA and 3DES" with "I
will accept only cipher NONE" you don't even need a malicious client.