Flexible and Scalable Public Key Security for SSH

  • Conference paper
Public Key Infrastructure (EuroPKI 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3093)

Abstract

A standard tool for secure remote access, the SSH protocol uses public-key cryptography to establish an encrypted and integrity-protected channel with a remote server. However, widely-deployed implementations of the protocol are vulnerable to man-in-the-middle attacks, where an adversary substitutes her public key for the server’s. This danger particularly threatens a traveling user Bob borrowing a client machine.

Imposing a traditional X.509 PKI on all SSH servers and clients is neither flexible nor scalable nor (in the foreseeable future) practical. Requiring extensive work or an SSL server at Bob’s site is also not practical for many users.

This paper presents our experiences designing and implementing an alternative scheme that solves the public-key security problem in SSH without requiring such an a priori universal trust structure or extensive sysadmin work—although it does require a modified SSH client. (The code is available for public download.)

This work was supported in part by the Mellon Foundation, by Internet2/AT&T, and by the Office for Domestic Preparedness, U.S. Department of Homeland Security (2000-DT-CX-K001). The views and conclusions do not necessarily represent those of the sponsors. A preliminary version of this paper appeared as Technical Report TR2003-441, Department of Computer Science, Dartmouth College.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ali, Y., Smith, S. (2004). Flexible and Scalable Public Key Security for SSH. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_4

  • DOI: https://doi.org/10.1007/978-3-540-25980-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22216-3

  • Online ISBN: 978-3-540-25980-0

  • eBook Packages: Springer Book Archive
