[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] dns-Spoofing and ssh?

Hello List,

the manpage of ssh_config describes the option CheckHostIP which is enabled by default. The description tells, that this option can protect from dns-spoofing attacks.

I just wondered how a dns-spoofing attack to ssh could work in general?
if i ssh to a machine:
ssh host1
the ssh client will resolve the ip of host (could be dns, depends on resolv.conf), connects to the host and checks the hostkey of host1 against /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts. If someone manages to give me a wrong ip for host1 and i connect to this fakehost ssh should complain about the wrong hostkey...
Why do i need some kind of extra dns-spoofing protection?


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here