Mailinglist Archive: opensuse-security (109 mails)

dns-Spoofing and ssh?
  • From: Moskito <moskito01@xxxxxx>
  • Date: Thu, 30 Mar 2006 10:28:02 +0200
  • Message-id: <442B9692.2040608@xxxxxx>
Hello List,

The manpage of ssh_config describes the option CheckHostIP, which is enabled by default.
The description says that this option can protect from DNS-spoofing attacks.

I just wondered how a DNS-spoofing attack on ssh could work in general?
If I ssh to a machine:
ssh host1
the ssh client will resolve the IP of host (could be DNS, depends on resolv.conf), connect to the host and check the host key of host1 against /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts.
If someone manages to give me a wrong IP for host1 and I connect to this fake host, ssh should complain about the wrong host key...
Why do I need some kind of extra DNS-spoofing protection?

regards
Frank
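
The two lookups discussed in the message above (the host key recorded for the name, and, with CheckHostIP, the key recorded for the resolved address), as an added example that is not part of the original post and not OpenSSH's code. It is a simplified model; the host names, addresses, key strings and the function names `parse_known_hosts`, `lookup` and `check` are assumptions made for illustration.

```python
# Added example: a simplified model of the known_hosts lookups, not OpenSSH's code.
# Host names, addresses (RFC 5737 range) and key strings are constructed samples.
KNOWN_HOSTS = """\
# constructed sample file
host1,192.0.2.10 ssh-ed25519 AAAAconstructedKeyOne
host2 ssh-ed25519 AAAAconstructedKeyTwo
"""


def parse_known_hosts(text):
    """Map each plain (unhashed) host or address to the keys recorded for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers, hashed entries and short lines.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for entry in fields[0].split(","):
            table.setdefault(entry, set()).add((fields[1], fields[2]))
    return table


def lookup(table, entry, key):
    """Return 'unknown', 'match' or 'mismatch' for one name or address."""
    if entry not in table:
        return "unknown"
    return "match" if key in table[entry] else "mismatch"


def check(table, name, resolved_ip, key, check_host_ip=True):
    """Return (name_status, ip_status, warn) for a key presented by a server."""
    by_name = lookup(table, name, key)
    by_ip = lookup(table, resolved_ip, key) if check_host_ip else "skipped"
    return by_name, by_ip, "mismatch" in (by_name, by_ip)


if __name__ == "__main__":
    table = parse_known_hosts(KNOWN_HOSTS)
    key1 = ("ssh-ed25519", "AAAAconstructedKeyOne")
    key2 = ("ssh-ed25519", "AAAAconstructedKeyTwo")
    other = ("ssh-ed25519", "AAAAconstructedOther")
    print(check(table, "host1", "192.0.2.10", key1))   # name and address agree
    print(check(table, "host1", "192.0.2.99", other))  # caught by the name lookup
    print(check(table, "host2", "192.0.2.10", key2))   # only the address lookup objects
    print(check(table, "host2", "192.0.2.10", key2, check_host_ip=False))
```

In this model the name lookup alone flags a changed key for a known name; the address lookup adds a warning when the resolver returns an address that is already recorded with a different key.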