
SSH / man in the middle

  • 03-02-2009 11:26am
    #1
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭


    So when you connect to a new host by SSH, you're given a key fingerprint. You know the ones, we all just yada yada ignore them. I'd like to verify one.

    The message is of the format:
    The authenticity of host 'computa (192.168.1.100)' can't be established.
    RSA key fingerprint is 1c:db:ab:7e:15:5b:3d:1e:74:e5:4c:42:8c:93:c5:db.
    Are you sure you want to continue connecting (yes/no)? 
    

    So I checked the key files in the ~/.ssh/ directory and there's nothing matching that bunch of hex. How do I know I'm connecting to the computer it says I am?


Comments

  • Closed Accounts Posts: 2,917 ✭✭✭towel401


    On the thing you're connecting to, check if the fingerprint matches. The SSH server's key files are stored in /etc/ssh, but maybe not on every distro.

    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
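
Added example, not part of the original posts: the 16 colon-separated hex bytes in the prompt are the MD5 digest of the server's base64-decoded public key blob, which is why nothing in ~/.ssh contains that string literally. The sketch below recomputes that form and the SHA256 form newer OpenSSH clients print, then compares them with what the prompt showed. The helper names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Length-prefixed byte string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a real host key: type, exponent 65537, dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"


def parse_pubkey_line(line):
    """Return the decoded key blob from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type up front; a mismatch means a damaged line.
    if blob[:4 + len(fields[0])] != ssh_string(fields[0].encode()):
        raise ValueError("key type does not match key blob")
    return blob


def fingerprints(blob):
    """Both display forms: colon-separated MD5 hex and unpadded SHA256 base64."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def matches_prompt(pubkey_line, shown):
    """True only if the fingerprint from the prompt belongs to this public key."""
    fp = fingerprints(parse_pubkey_line(pubkey_line))
    shown = shown.strip().rstrip(".")
    if shown.startswith("SHA256:"):
        return shown == fp["sha256"]
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == fp["md5"]


if __name__ == "__main__":
    print(fingerprints(SAMPLE_BLOB))
    # The fingerprint quoted in the thread belongs to a different key: False.
    print(matches_prompt(SAMPLE_LINE, "1c:db:ab:7e:15:5b:3d:1e:74:e5:4c:42:8c:93:c5:db."))
```

The public key line has to reach you over a channel other than the SSH connection being checked (console access, for instance), otherwise the comparison proves nothing.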


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Nice one, thanks. That worked perfectly.

    edit: I wasn't being _completely_ paranoid....there actually was potential for a MITM attack there and I wanted to rule it out.


  • Registered Users, Registered Users 2 Posts: 32,417 ✭✭✭✭watty


    Internet Cafe or Hotel or some such Public WiFi is an easy place for sniffing or Man in Middle attacks. A fake DNS entry in your home router enables MIM attacks too. If you leave default router password a web site on your PC can do this as your PC is inside the NAT/firewall.

    I use VPN to my home server and then access email via my home internet connection.

    (Email and the passwords are all plain text)

    There was a mail server once set to pick up all the emails in an office and they had never written down all the passwords. I edited POP server to be my laptop address and hacked a quick VB program on POP3 port to accept socket connections and return string "OK" for everything.

    All the user names and passwords in the window.


  • Closed Accounts Posts: 2,917 ✭✭✭towel401


    watty wrote: »
    Internet Cafe or Hotel or some such Public WiFi is an easy place for sniffing or Man in Middle attacks. A fake DNS entry in your home router enables MIM attacks too. If you leave default router password a web site on your PC can do this as your PC is inside the NAT/firewall.

    I use VPN to my home server and then access email via my home internet connection.

    (Email and the passwords are all plain text)

    There was a mail server once set to pick up all the emails in an office and they had never written down all the passwords. I edited POP server to be my laptop address and hacked a quick VB program on POP3 port to accept socket connections and return string "OK" for everything.

    All the user names and passwords in the window.

    You run your own email server? Most of them should support some sort of secure POP login or STARTTLS.

    Recently I found that Meteor were using some sort of firewall that edits the packets to make it appear like mail servers don't support TLS, but only on port 25.

