Perspectives : OpenSSH Client

Overview

When using SSH to connect to a remote machine, the user often encounters the following warning messages:


The authenticity of host 'host.domain.com (192.168.74.49)' can't be established.
RSA key fingerprint is 07:fd:fb:9b:03:a2:b4:e8:b3:c9:0f:0b:db:43:1c:1a.
Are you sure you want to continue connecting (yes/no)?


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
4c:68:03:d4:5c:58:a6:1d:bd:17:13:84:14:48:ba:99.
Please contact your system administrator.

Unfortunately, the standard SSH client provides no useful information for you to determine if these warnings are likely to be a real attack, or just a false alarm (i.e., the remote server legitimate change keys).

The Perspectives modification to the openSSH client software contacts a set of network notaries to gather information that helps you make a better security decision.

Installation

SSH Client Binaries

IMPORTANT: Read below for installation and usage instructions

Client Configuration Files

Both of these files must be installed in your ~/.ssh directory

If you download our OpenSSH client we suggest that you register for our LOW-VOLUME perspectives-announce email list. With the possible exception of critical security issues, we will not send out more than one email per month.

See the list of known issues below.

Using the SSH Client

You can install the modified 'ssh' binary into any directory, and use it just like you would normal ssh (note: depending on your browser, you may need to change the file permissions to make it executable. Try: 'chmod +x ssh'). You will need to copy two configuration files to the '.ssh' directory in your home directory. The client will not work without these files. The first is notary_list.txt , which contains the IP addresses and public keys of notary servers. The second is client_params.txt , which contains client settings like timeouts and quorum duration.

By default, the SSH client only contacts the probe server if the key is NOT already in the local cache (i.e., SSH's traditional mechanism for trusting keys). If you want to contact probe servers every time, you can use the '-d' flag followed by the string 'always-probe'. Similarly, the client normally summarizes information, only prompting the user to see details of each recorded probe if there is a warning (e.g., conflicting keys were detected). If you want to probe for every connection AND be able to see all probing details regardless of whether a conflict is detect, you can use the '-d' flag followed by the string 'always-prompt'. For example: 'ssh -d always-prompt user@www.domain.com'. It may be useful to set-up shell alias when testing this software.

Known Issues:

Source

OpenSSH Client Source Code

Right now, the build is not very well documented, but you must build the code in the 'common' and 'notary-client' directories before you can build the code in 'openssh-5.1p' directory.


Back to Perspectives Home