[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] dns-Spoofing and ssh?
the manpage of ssh_config describes the option CheckHostIP which is
enabled by default.
The description tells, that this option can protect from dns-spoofing
I just wondered how a dns-spoofing attack to ssh could work in general?
if i ssh to a machine:
the ssh client will resolve the ip of host (could be dns, depends on
resolv.conf), connects to the host and checks the hostkey of host1
against /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts.
If someone manages to give me a wrong ip for host1 and i connect to this
fakehost ssh should complain about the wrong hostkey...
Why do i need some kind of extra dns-spoofing protection?
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here