asked 2013-12-26 00:54:06 +0300
Please display the SSH Host Key(s) fingerprint(s) within the "System Settings"/"Developer Mode" menu or within a sub menu. Also, please add a feature to generate new SSH host key(s) within the same menu.
answered 2014-03-20 23:35:40 +0300
You can display the fingerprint of your jolla host keys with the command (in fingerterm) :
for f in /etc/ssh/*.pub
do
ssh-keygen -lf "$f"
done
I usually have this in my login scripts on all machines I use. If I get a host-key changed warning, I can immediately compare to what the ssh-client said once I have logged in. If there is a breach, I will at least know about it immediately after login. Though it would have been better to know before login, just knowing immediately after login is good enough for me; a real man-in-the-middle attack happens rarely.
00prometheus ( 2014-03-21 04:07:35 +0300 )edit@00prometheus how will you know in case there is a MITM and the man in the middle manipulates your shell / binaries / ... to display the fingerprint he wants it to display? Essentially you some method to get the host key before connecting and you should not connect if there is a warning. @vbregier: I did not think of the terminal app, thank you.
Nirkus ( 2014-04-14 02:17:42 +0300 )edit@Nirkus, because the attacker has not yet gained access to my account, that is why they are performing a MITM.
00prometheus ( 2014-04-14 05:18:40 +0300 )edit@00prometheus: when you log in during an MITM attack, you authenticate to the [first] MITM and not to your original destination. So, when you authenticate via e.g. password during an MITM attack, the attacker can obtain your password and use it to authenticate against your original destination and emulate your session with that destination host (with a few modifications, for example).
Nirkus ( 2014-04-25 16:57:19 +0300 )editIn the classic mitm, the attacker sits between the user and server, silently observing the traffic and changing parts of it to suit them. A mitm attack would pass on my password to the server and then pass on the response from the server to me. The insidious part of mitm is that it is undetectable without countermeasures. No failed login, no difference at all. I would be warned about the key discrepancy. To perform the kind of attack you describe, they would need to know about my setup and know that a straight-forward mitm would fail. That means that the attacker is specifically targeting me, and falls outside my threat-model. I'd be screwed so many ways from an attacker targeting me specifically (such as: there is a window in all the rooms I use to log in, so filming my fingers entering a password is trivial).
00prometheus ( 2014-04-25 22:39:17 +0300 )editAsked: 2013-12-26 00:54:06 +0300
Seen: 576 times
Last updated: Mar 20 '14
Care to explain for what is this information useful? Any use-cases ? I'm not saying it isn't, just that I don't know why would I want to see SSH Host-key finfgerprints ;)
foss4ever ( 2013-12-26 02:04:16 +0300 )editFor instance, if you try to ssh to Jolla phone and you get the alert "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!", it will show the fingerprint of the server that has answered. If the device would show its own fingerprint, it could be easy to verify that it's your device you're connecting to.
simosagi ( 2013-12-26 13:42:15 +0300 )editThe purpose of SSH host keys is to authenticate a host and prevent man-in-the-middle (MITM) attacks. When connecting to a new host via SSH, you should at least verify the host key fingerprint by retrieving it on another channel (display in settings).
Nirkus ( 2013-12-26 22:18:20 +0300 )editYou should be able to re-generate the SSH host key from the settings menu to achieve reasonable confidence that the private host key from your Jolla device has not been extracted.
Nirkus ( 2013-12-26 22:21:25 +0300 )edit@Nirkus thanks for the explanations ;)
foss4ever ( 2013-12-26 22:26:39 +0300 )edit