Q10 SSH and Man-in-the-Middle Attacks

Question 1

Could public key authentication used in Secure Shell (SSH) completely prevent man-in-the-middle attacks? Justify your answer.

Answer 1

SSH Public Key Authentication and MITM Attacks:
* SSH Public Key Authentication: SSH uses asymmetric key pairs (public/private keys) for user and host authentication. For host authentication, the server presents its public host key to the client. The client verifies this key, typically by comparing it to a stored copy in its known_hosts file.
* Man-in-the-Middle (MITM) Attack: An attacker intercepts the communication channel and relays messages between the client and server, potentially altering them. In the context of authentication, the attacker might impersonate the server to the client and the client to the server.
* SSH’s Defense Against MITM (Host Authentication): SSH’s host authentication mechanism is specifically designed to counter MITM attacks. When a client connects to an SSH server, the server sends its public host key. The client checks if it recognizes this key (i.e., if it matches an entry in its known_hosts file). If the key is recognized and matches, the client proceeds, trusting the server’s identity. If the key is unknown or doesn’t match a previously stored key for that hostname/IP, the client warns the user of a potential MITM attack because it indicates that the server’s identity cannot be verified.

Can it Completely Prevent MITM? No. The sources state that MITM cannot happen unless the host itself has been compromised. This is a crucial caveat. If an attacker manages to:
◦ Compromise the Server: And replaces the legitimate server’s host key with their own before the client’s first connection, or if the attacker can maintain the compromise to present their key regardless of what’s in known_hosts.
◦ Compromise the Client: And alter the client’s known_hosts file, replacing the legitimate server’s key with their own, or preventing the client from saving/verifying the correct key on the first connection.

• In these scenarios, the client might accept the attacker’s public key as legitimate, either by being tricked on the initial connection or by the attacker manipulating the stored trusted key. Once the attacker’s key is accepted (explicitly by the user ignoring warnings, or implicitly through compromise), the attacker can establish a seemingly secure tunnel with the client and another with the server, relaying and potentially altering traffic while impersonating the server to the client.
• Justification: While SSH public key authentication, particularly host authentication with careful user verification of host keys (especially on the first connection), provides a strong defense by allowing clients to verify the server’s identity, its effectiveness relies on the integrity of the host keys stored on the client and the security of the server itself. If either endpoint is compromised before or during the secure association, an attacker can potentially circumvent the authentication and perform a MITM attack.