30 Mar
2006
30 Mar
'06
08:28
Hello List, the manpage of ssh_config describes the option CheckHostIP which is enabled by default. The description tells, that this option can protect from dns-spoofing attacks. I just wondered how a dns-spoofing attack to ssh could work in general? if i ssh to a machine: ssh host1 the ssh client will resolve the ip of host (could be dns, depends on resolv.conf), connects to the host and checks the hostkey of host1 against /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts. If someone manages to give me a wrong ip for host1 and i connect to this fakehost ssh should complain about the wrong hostkey... Why do i need some kind of extra dns-spoofing protection? regards Frank