Package: openssh-client
Version: 1:5.5p1-6
Severity: normal
File: /usr/bin/ssh
Tags: upstream

When the VerifyHostKeyDNS option is used, ssh attempts to verify unknown remote host keys by looking up SSHFP records in DNS. It relies on the AD (Authentic Data) flag in the response to determine whether the fingerprint it receives has been cryptographically verified by the resolver (i.e. with DNSSEC) and if so, may rely on the matching host key with no further verification.

This is insecure because ssh has no guarantee the communication between the local (stub) resolver and an external recursive resolver which does the cryptographic validation has not been tampered with. An attacker could easily forge a response to the local resolver with the AD flag set.

Even if the communication could be guaranteed to be secure, relying on the AD flag is wrong for another reason: a recursive resolver which also happens to be authoritative for a zone is not required to check the validity of its authoritative answers or set the AD flag in such responses. (It will, however, set the AA flag.) [See RFC 3655 sec. 2.2]

I'm not aware of a means by which applications can securely determine the cryptographic validity of answers to DNS queries short of performing their own validations.

A patch to perform local DNSSEC validation for all ssh DNS lookups is apparently included as part of DNSSEC-Tools:
http://www.dnssec-tools.org/readme/README.ssh

I would recommend that upstream consider integrating local DNSSEC validations for all DNS lookups, and not rely on the AD flag at all.

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'squeeze-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.38 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser      3.112+nmu2                    add and remove users and groups
ii  debconf [de  1.5.36.1                      Debian configuration management sy
ii  dpkg         1.15.8.10                     Debian package management system
ii  libc6        2.11.2-11                     Embedded GNU C Library: Shared lib
ii  libedit2     2.11-20080614-2               BSD editline and history libraries
ii  libgssapi-k  1.8.3+dfsg-4                  MIT Kerberos runtime libraries - k
ii  libssl0.9.8  0.9.8o-4squeeze1              SSL shared libraries
ii  passwd       1:4.1.4.2+svn3283-2+squeeze1  change and administer password and
ii  zlib1g       1:1.2.3.4.dfsg-3              compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra  0.4.1      list of non-default blacklisted Op
ii  xauth                    1:1.0.4-1  X authentication utility

Versions of packages openssh-client suggests:
ii  keychain     2.6.8-2  key manager for OpenSSH
pn  libpam-ssh   <none>   (no description available)
pn  ssh-askpass  <none>   (no description available)

-- no debconf information
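
An added example, not part of the original report and not OpenSSH code: it decodes the AD and AA header bits from constructed DNS responses and reports what each can prove, given the resolvers listed in a resolv.conf. The function names, verdict strings, sample bytes and the use of a loopback address as a stand-in for a protected resolver path are assumptions made for the illustration.

```python
import ipaddress
import struct

AA = 0x0400  # Authoritative Answer bit in the DNS header flags word
AD = 0x0020  # Authenticated Data bit: one header bit, carried with no MAC or signature

def header_flags(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"aa": bool(flags & AA), "ad": bool(flags & AD),
            "rcode": flags & 0x000F, "answers": ancount}

def nameservers(resolv_conf: str) -> list:
    """Return the resolver addresses a stub resolver would query."""
    out = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(ipaddress.ip_address(parts[1]))
    return out

def assess(msg: bytes, resolver) -> str:
    """Say what the header bits of one response can and cannot prove."""
    h = header_flags(msg)
    if not h["ad"]:
        # An authoritative resolver need not validate or flag its own zone data.
        return "aa-only-not-validated" if h["aa"] else "no-validation-claimed"
    if not resolver.is_loopback:
        return "ad-over-unprotected-path"  # the bit crossed the network unsigned
    return "ad-claimed-by-local-resolver"  # the resolver's claim, not a local check

# Constructed sample data (not captured traffic).
RESP_AD = struct.pack("!6H", 0x1A2B, 0x81A0, 1, 1, 0, 0)  # QR RD RA AD
RESP_AA = struct.pack("!6H", 0x1A2B, 0x8580, 1, 1, 0, 0)  # QR AA RD RA
RESOLV_CONF = "# constructed example\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n"

if __name__ == "__main__":
    for ns in nameservers(RESOLV_CONF):
        for name, msg in (("AD", RESP_AD), ("AA", RESP_AA)):
            print(ns, name, assess(msg, ns))
```

None of the four verdicts amounts to a validated answer; that requires checking the RRSIG chain locally, as the report recommends.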