f



Password camouflage in SSH, version 1

	Can anybody explain the purpose of password camouflage for version 1 of
the SSH protocol? I am specifically talking about the approach taken by
the PuTTY SSH client. I have noticed that this client implementation sends
multiple SSH_MSG_IGNORE packets surrounding the password packet itself,
allegedly to prevent eavesdroppers from finding out the exact length of
the password. 

	Now the password packet is transferred after the SSH handshake is
complete - therefore, encrypted. More importantly, SSH clients can (as
OpenSSH's does) pad the actual password with null characters to the right,
thus hiding the password length: Attackers will be able to determine the
maximum number of characters that the password being transferred could
possibly have, but that's all. This seems to be a far less cumbersome way
of hiding the password length.

	I must obviously be missing something here. Could somebody please
enlighten me?


0
asfxvd (121)
10/12/2005 3:20:10 PM
comp.security.ssh 4228 articles. 0 followers. terra1024 (490) is leader. Post Follow

4 Replies
428 Views

Similar Articles

[PageSpeed] 35

Augustus SFX van Dusen  <ASFXvD@story.net> wrote:
> Now the password packet is transferred after the SSH handshake is
> complete - therefore, encrypted. More importantly, SSH clients can (as
> OpenSSH's does) pad the actual password with null characters to the right,
> thus hiding the password length: Attackers will be able to determine the
> maximum number of characters that the password being transferred could
> possibly have, but that's all. This seems to be a far less cumbersome way
> of hiding the password length.

But it has the disadvantage that it isn't technically correct
according to the SSH protocol definition. A server might perfectly
validly treat those NULs as part of the password, and reject your
login because the password didn't match the stored one. Some
actually do this. It so happens that _most_ servers are written in C
and hence treat NULs as end-of-string unless painstakingly told not
to, but that behaviour isn't mandated by the standard (in fact
strictly speaking you could probably argue that it's a _violation_
of the standard).

PuTTY will fall back to that approach if it knows it's dealing with
a server which can't handle our standards-compliant strategy, of
which there are also a few.
-- 
Simon Tatham         "infinite loop _see_ loop, infinite"
<anakin@pobox.com>     - Index, Borland Pascal Language Guide
0
anakin (252)
10/12/2005 4:23:42 PM
Augustus SFX van Dusen <ASFXvD@story.net> writes:
>	Can anybody explain the purpose of password camouflage for version 1 of
>the SSH protocol? I am specifically talking about the approach taken by
>the PuTTY SSH client. I have noticed that this client implementation sends
>multiple SSH_MSG_IGNORE packets surrounding the password packet itself,
>allegedly to prevent eavesdroppers from finding out the exact length of
>the password. 
>
>	Now the password packet is transferred after the SSH handshake is
>complete - therefore, encrypted. More importantly, SSH clients can (as
>OpenSSH's does) pad the actual password with null characters to the right,
>thus hiding the password length: Attackers will be able to determine the
>maximum number of characters that the password being transferred could
>possibly have, but that's all. This seems to be a far less cumbersome way
>of hiding the password length.

See
<http://tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/ssh.c?view=markup>
(search for "Defence against traffic analysis") and
<http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-ssh-bug-plainpw1>.
0
jacobn (252)
10/12/2005 4:24:36 PM
>>>>> "ST" == Simon Tatham <anakin@pobox.com> writes:

    ST> It so happens that _most_ servers are written in
    ST> C and hence treat NULs as end-of-string unless painstakingly told
    ST> not to, but that behaviour isn't mandated by the standard (in fact
    ST> strictly speaking you could probably argue that it's a _violation_
    ST> of the standard).

Not disagreeing with anything, just commenting: actually, I don't see it
as a violation of the standard -- such a client is simply sending the
wrong password, and hoping the server is similarly buggy.  :)

-- 
  Richard Silverman
  res@qoxp.net

0
res49 (1410)
10/12/2005 7:49:33 PM
Richard E. Silverman <res@qoxp.net> wrote:
> Not disagreeing with anything, just commenting: actually, I don't see it
> as a violation of the standard -- such a client is simply sending the
> wrong password, and hoping the server is similarly buggy.  :)

Fair point. Perhaps what I should have said was that although
sending a password of "sekrit\0\0\0" is not a standards-violating
thing to do _in and of itself_, it is also not a standards-
compliant way to send the password "sekrit". Better? :-)
-- 
Simon Tatham         "Selfless? I'm so selfless I
<anakin@pobox.com>    don't even know who I am."
0
anakin (252)
10/12/2005 8:38:11 PM
Reply:

Similar Artilces:

ssh ssh
I am trying to write a script that takes a list of hosts and sshs into the first one and then can ssh to other ones. I can only ssh to the other hosts from the first host. Here is what I tried: I think it is waiting for the ssh to the first host to finish. I guess I could scp a partial hostlist and a program to *.domain and then run the program remotely. Am I on a right track? #!/bin/perl use strict; open( HL, '<hostlist3.txt' ) || die "can't open hostlist3"; #!/bin/perl use strict; open( HL, '<hostlist3.txt' ) || die "can't open hostlist3&qu...

SSH over SSH
Hi all, Our university network is accessed through a gateway machine, which accepts SSH connections and from which I can SSH onto other machines. I'm looking to write a program to make it easy for Mac OS X users to set up tunnels. Part of this involves storing passwords in the keychain. If I just want to forward a local port to the gateway machine, I can set SSH_ASKPASS to something suitable which looks in the keychain. However, if I want to forward a local port to another machine on my university network, i.e., another hop, I need to somehow have an SSH_ASKPASS utility on the gateway m...

ssh to ssh
I have the following scenerio: Remote PC with Xmanager small linux gateway, with sshd and ssh but no X software local host with sshd and X software I am trying to do the following from the remote PC: ssh -X (gateway addr. x.x.x.x "ssh -X (local host add 192.168.25.40) xterm" and it is failing. Please help if possible. Looking at the verbose output I see: OpenSSH_3.8.1p1, OpenSSL 0.9.7c 30 Sep 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 80. debug1: Connection established. debug1: ident...

SSH-1.99-OpenSSH_4.1 vs. SSH-1.99-OpenSSH_3.8.1.p1
Are there any known issues with SSH-1.99-OpenSSH_4.1, as with version SSH-1.99-OpenSSH_3.8.1.p1 I don't have to set keep alive parameter? I am not sure if this is related, I have a ksh script that calls a db2 pl stored procedure several times when it comes to certain iteration, it ends up hanging in the middle. I experienced this with an environment that has SSH-1.99-OpenSSH_4.1 but not with a different environment that has OpenSSH_3.8.1.p1. Thanks in advance ...

SSH-1.99-OpenSSH_4.1 vs. SSH-1.99-OpenSSH_3.8.1.p1 on AIX 5.3
Are there any known issues with SSH-1.99-OpenSSH_4.1, as with version SSH-1.99-OpenSSH_3.8.1.p1 I don't have to set keep alive parameter? I am not sure if this is related, I have a ksh script that calls a db2 pl stored procedure several times when it comes to certain iteration, it ends up hanging in the middle. I experienced this with an environment that has SSH-1.99-OpenSSH_4.1 but not with a different environment that has OpenSSH_3.8.1.p1. Thanks in advance ...

SSH-1.99-OpenSSH_4.1 vs. SSH-1.99-OpenSSH_3.8.1p1
Are there any known issues with SSH-1.99-OpenSSH_4.1, as with version SSH-1.99-OpenSSH_3.8.1.p1 I don't have to set keep alive parameter? I am not sure if this is related, I have a ksh script that calls a db2 pl stored procedure several times when it comes to certain iteration, it ends up hanging in the middle. I experienced this with an environment that has SSH-1.99-OpenSSH_4.1 but not with a different environment that has OpenSSH_3.8.1.p1. Thanks in advance RG wrote: > Are there any known issues with SSH-1.99-OpenSSH_4.1, as with version > SSH-1.99-OpenSSH_3.8.1.p1 I don...

putty and SSH Secure Shell 3.2.9.1 (non-commercial version)
Hello, My sysadmin has just installed a new version of sshd - SSH Secure Shell 3.2.9.1 (non-commercial version). And since that my putty does not want to connect to it any more! Putty 0.53. Any ideas how to overcome that? Mirek -- email: http://tiny.pl/63 Poci�giem do Niemiec - http://bahn.prv.pl/ mirekb@ii.uni.wroc.pl writes: >My sysadmin has just installed a new version of sshd - >SSH Secure Shell 3.2.9.1 (non-commercial version). >And since that my putty does not want to connect to it any more! >Putty 0.53. Any ideas how to overcome that? (a) PuTTY 0.53 has lots of serious vulnerabilities. You should be using the latest version (0.55) for that reason alone. (I've no reason to think that it will also solve your problem, off the top of my head, but you should still upgrade.) (b) You haven't given us very much information to go on! What do you mean when you say PuTTY "does not want to" connect? What do you try, and what exactly happens? > (a) PuTTY 0.53 has lots of serious vulnerabilities. You should be using > the latest version (0.55) for that reason alone. (I've no reason to > think that it will also solve your problem, off the top of my head, > but you should still upgrade.) It did not help me, but I've upgraded putty to 0.55. > (b) You haven't given us very much information to go on! What do you > mean when you say PuTTY "does not want to" connect? Wha...

3DES in SSH-1 and SSH-2
According to the SSH-1 document that can be obtained from the OpenSSH home pages, the way in which 3DES is used under SSH-1 is a nonstandard variation of what is understood nowadays as 3DES in CBC mode - essentially, in SSH-1 one uses three initialization vectors, instead of only, as in standard 3DES-CBC. I believe that, on the other hand, the 3DES-CBC usage in SSH-2 is completely standard. Can anybody confirm (or deny) all this? ...

Secure SSH Version
Hello, Is OpenSSH_2.9p2 known to be bug free, or are the serious security risks? thanks, mike On 2005-04-27, Michael Schreiber <nospam@schreiber.at> wrote: > Is OpenSSH_2.9p2 known to be bug free, No, it's known to have at least one serious security flaw in some configurations: http://www.openssh.com/txt/preauth.adv and another possible flaw (in all configurations): http://www.openssh.com/txt/buffer.adv -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the ...

broken SSH ld.so.1: ssh: fatal: libgss.so.1: open failed: No such file or directory
After a recent patch cluster SSH has broke. It looks like a missing or corrupt library, but I am unsure how to fix it. Has anyone seen this before? Here is the output I get when attempting to SSH to another machine- ld.so.1: ssh: fatal: libgss.so.1: open failed: No such file or directory Killed If I try to SSH to this machine I receive- " Secure connection refused" dnaflr2@yahoo.com writes: >After a recent patch cluster SSH has broke. It looks like a missing or >corrupt library, but I am unsure how to fix it. Has anyone seen this >before? Here is the output I get when a...

disabling root ssh, and ssh password authentification?
Over in comp.os.linux.networking I got advice to enhance security by: "disable ssh root access" and "Typically you'd better disable completely any password authentification via ssh" The question I have is, what good would disabling root ssh access do? I mean, if someone has the root password anyway, which they'd have to have to ssh, they could probably get in with a different account and just "su -" right? I found this advice on how to disable root ssh. Is this right? http://forums.fedoraforum.org/archive/index.php/t-47795.html The other suggestion, dis...

How to switch SSH protocol from version 1 to version 2 in Cyclade
Our 4-port cyclade is currently running SSHv1.68 (see below the ssh process and sshd_config file). Due to security concern, we must disable this version SSH v1 and upgrade/run only the SSH protocol version 2. Could anyone let me know how to do it without losing my SSH connection to this Cyclade ? Thanks, Bill cyclade # ps -ef | grep ssh 306 ? root 4268 S /bin/sshd -f /etc/ssh/sshd_config cyclade # cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin://bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key #HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key : : : > Could anyone let me know how to do it without losing my SSH connection > to this Cyclade ? In your sshd_config file, change: #Protocol 2,1 to read Protocol 2 SSH will need to be restarted for this to take effect. It should be possible to stop/start SSH without losing ...

How to use pub keys (not ssh password) in ssh command?
Assume I want to open an SSH connection from Linux to a remote computer. How can I use local pub/priv key files as parameters for authentication in this command? Remote computer supports ssh key files. Again: I do not want to use user/password for this but generated key files. Peter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Hanke <peter_ha@andres.net> schrieb: > Again: I do not want to use user/password for this but generated key files. Google? http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html - -- (`/\ `=\/\ `=\/\ `=\/ _\___ best regar...

'net/ssh' error /usr/lib/ruby/gems/1.8/gems/net-ssh-2.0.23/lib/net/ssh/transport/session.rb:65:in `i
Hi, I am trying to do ssh to multiple servers and get their versions using ruby Net::SSH When I assign a host name to a variable and used in Net::SSH it works fine server="test.server.com" Net::SSH.start(server, USER, :password=>PASSWORD) do |ssh| result=ssh.exec!('hostname') puts result end Whereas I put the servername in file read it in to a array, use each method for individual servers SERVER_LIST.each do |server| Net::SSH.start(server, USER, :password=>PASSWORD) do |ssh| hos...

net::ssh::Perl connecting to f-secure ssh server
Hi, I asked this on the wonderful Perlmonks site and am repeating here incase the one with the answer is here and not there.... We need to write a script that will connect to a softswitch (Ericsson), run commands retrieving output to files and sometimes using some of that output as parameters to more commands. The softswitch runs on Windows NT server and uses F-Secure 3.2.0. The client box will be Solaris with Perl 5.8.8. I can run ssh from the shell and connect OK. I can run the "commands" and see output on screen. I have started to write a demo in Perl and I can login f...

SSH Keys: MULTINET SSH Client to TCPIP SSH Server
Has anyone here had occasion to configure a Multinet 4.4 SSH client to use public key authentication when connecting to an HP TCPIP (5.4) SSH Server? I created my public/private DSA key pair on the Multinet host, copied the public key to my [.SSH2] directory on the TCPIP server, and referenced the new key in the TCPIP server's AUTHENTICATION file. From what I understand of the TCPIP SSH docs, the format of the public key file is a single (long) line, beginning with the key type and followed by the key value, e.g.: ssh-dss AAAAB3NzaC1kc...sf5C4quB5GaOVn+zogU= So after I copied my public key to the TCPIP host, I edited it with EVE to get it into the format shown above. Was this my mistake? Shuold I have used another method to make these two SSH implementations compatible? On the Multinet client, the same public key appears in this format: ---- BEGIN SSH2 PUBLIC KEY ---- Subject: <username> AAAAB3NzaC1kc... ... sf5C4quB5GaOVn+zogU= ---- END SSH2 PUBLIC KEY ---- To make the SSH connection, I entered this command on the MU host and received the following responses: $ SSH/USER=<host2username>/IDENT=<private key filename> <host> warning: <MUhostdev:[dir.SSH2]<private-key>.: 4: parsing line failed. warning: <MUhostdev:[dir.SSH2]<private-key>.: 5: parsing line failed. warning: <MUhostdev:[dir.SSH2]<private-key>.: 6: parsing line failed. warning: <MUhostdev:[dir.SSH2]<private-key>.: 7: parsi...

Pcl-cvs 1.66 and CVS over ssh (missing ssh-askpass)
I am just beginning to use a remote CVS installation via CVS. In the past, I have used a local CVS without difficulty using pcl-cvs. Also, my remote CVS works fine at the command line. However, when I try to access the remote repository, I get: Repository : :ext:sdavis@servername:/Volumes/Store1/cvsrep Working directory: /Users/sdavis/Work/R-Programs/packages/devel/ExpressCGH/ExpressCGH/R/ Message: cvs [update aborted]: end of file from server (consult above messages if any) Message: Parser Error: 'ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or di...

openssl 1.1 and SSH
What adjustments will be need when Openssl 1.1 hits the ground running? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Birthdate 29 Jan 1969 Redhill, Surrey, UK ...

disable outgoing ssh version-1 requests
I need to disable all outgoing ssh v1 requests from the client. Can anybody tell me how to do that? $ man ssh_config .... Protocol Specifies the protocol versions ssh(1) should support in order of preference. The possible values are `1' and `2'. Multiple ver- sions must be comma-separated. The default is ``2,1''. This means that ssh tries version 2 and falls back to version 1 if version 2 is not available. .... -- Richard Silverman res@qoxp.net ...

Crack5 SSH-1 Pre-encrypted password how?
I have a old ZapStation and it runs Red Hat, a old Linux on it. I got port 22 open on it and I found it's Pre-encrypted password for root file. On my ubuntu server I installed Crack with "apt-get install crack-md5" Then "apt-get install wamerican-huge" and put the Pre-encrypted password SSH-1 in a file named "zap-root-pw" I am not sure how to run it for it to find out the password. I did this command and this is what it shows: Crack -fmt SSH-1 zap-root-pw Crack 5.0a: The Password Cracker. (c) Alec Muffett, 1991, 1992, 1993, 1994, 1995, 1996...

PuTTY/SSH-2.0-Sun_SSH_1.0.1/SSH-2 rekey bug
hi, i am trying to automate some file copies between a windows box and a solaris server. solaris 9 w/SSH-2.0-Sun_SSH_1.0.1. PuTTY verion is 0.57. pscp -v <options>... gives "We believe remote version has SSH-2 rekey bug" and then "The server's host key is not cached in the registry." i cannot find any information on the first error. the server host key really is cached in the registry, and is the correct key. TIA, robyn <robynew@yahoo.com> wrote: > pscp -v <options>... > gives "We believe remote version has SSH-2 rekey bug" and the...

ssh & new server: secureCRT can work, but ssh cannot authenticate after six password entries
Bizarre problem... I can ssh to my server from SecureCRT on a Windows box by switching from "Authentication: Password" to "Authentication: Keyboard Interactive", however, I can _not_ ssh from my Linux box. Please note that I'm using the correct password each time. bash-2.05b$ ssh myuser@mybox.myschool.edu Password: Password: Password: myuser@mybox.myschool.edu's password: Permission denied, please try again. myuser@mybox.myschool.edu's password: Permission denied, please try again. myuser@mybox.myschool.edu's password: Received disconnect from xx.xx.x.xxx: ...

ssh.com v3.2.9.1 slow performance with ftp over ssh port forwarding?
Hi, i am using a ssh port forwarded tunnel to secure a ftp connection between 2 linux boxes. both run the same ssh version, mentioned in subject. what i do is: ssh -l username remotehost -L ftp/10001:localhost:21 ftp/ should ensure that the data channel is encrypted via the tunnel as well, not only the control channel. anyways, i got a 3 mbit dsl line here, and am not able to get more than 210KByte/sec over the forwarded ftp connection. i treid the same setup to other machines as well, same results. i tried changing the ciphers, performance stays the same. i mean i would expect some overh...

ssh without password working for 1 user not for another
My OS is Solaris 10 on sparc. I have 2 users, having configured ssh in the same way: ssh-keygen -t rsa cd .ssh cat id_rsa.pub >> authorized_keys 1 user can ssh server (the same box just to validate) without password, but the second user is asked for password. I can't work out where the difference is made. can someone shed some lights on this, many thanks in advance. >>>>> "geounix" == geounix <geounix@gmail.com> writes: geounix> My OS is Solaris 10 on sparc. I have 2 users, having geounix> configured ssh in the same way: geounix> ssh-keygen -t rsa cd .ssh cat id_rsa.pub >> authorized_keys geounix> 1 user can ssh server (the same box just to validate) without geounix> password, but the second user is asked for password. I can't geounix> work out where the difference is made. geounix> can someone shed some lights on this, many thanks in advance. Take a look through: http://www.snailbook.com/faq/publickey-userauth.auto.html -- Richard Silverman res@qoxp.net ...

Web resources about - Password camouflage in SSH, version 1 - comp.security.ssh

Camouflage - Wikipedia, the free encyclopedia
Camouflage is the use of any combination of materials, coloration or illumination for concealment, either by making animals or objects hard to ...

Toy Story 3: Operation Camouflage for iPhone, iPod touch, and iPad on the iTunes App Store
Get Toy Story 3: Operation Camouflage on the App Store. See screenshots and ratings, and read customer reviews.

Camouflage - Flickr - Photo Sharing!
Explore friskypics' photos on Flickr. friskypics has uploaded 707 photos to Flickr.

Octopus Camouflage - YouTube
I did not make and do not own this video. BUT it was really cool and I wanted to upload it to my blog, and they had download availability on ...

The Stripes On Zebras Have Nothing To Do With Camouflage But A Lot To Do With Insects
The stripes seen zebras have evolved mainly to repel biting flies and not as camouflage against predators as we thought, according to new research. ...

EU parliament evacuated, man in camouflage arrested
... hundreds of people on Monday from the European Parliament to search a car for explosives, then arrested the owner - a man clad in camouflage ...

Wallabies ready for Scotland's camouflage man Scott Johnson in Rugby World Cup quarter-final
He once turned up to a press conference wearing camouflage to poke fun at the All Blacks, and the Wallabies expect former attack coach Scott ...

Philippe Couillard Not Pleased With Montreal Cops' Wearing Camouflage Pants At Parizeau Funeral
Philippe Couillard condemned the officers who chose to wear the colourful attire — part of an ongoing battle over pension reforms — saying it ...

Galaxy S6 Active press renders leak again, this time without camouflage backing
The Galaxy S6 Active has been leaked several times already, but now the well-connected Evleaks has posted another press render of the device. ...

Why Mello Yello Is Dressing Its Normally Bright Cans in Camouflage
Mello Yello is trading in its bright yellow look for camouflage as the brand goes on the hunt for more sales. The camo packaging design will ...

Resources last updated: 3/7/2016 1:26:54 PM