Autobiography
Sebastian Krahmer studied Computer Science
at the University of Potsdam, Germany. Within computer science,
his interests focus on networking, cryptography and operating
systems. He has written various software ranging from IPv4/IPv6 load
balancers, SSL and SSH Man in the Middle implementations
to rootkits.
He also actively reviews code for security vulnerabilities and
develops proof-of-concept exploits for security-relevant bugs.
Sebastian has contributed code to open source projects such as
libpcap and snort, to name some popular ones. He has been working for
the SuSE Security team since the year 2000 and lives in Potsdam,
Germany.
Subject
SSH features
- An attacker usually breaks in via remote exploits (overflows
  etc.)
- With SSH you can do many things, such as:
  - steal authentication credentials
  - brute-force passwords
  - perform a MiM attack (focus of the lecture)
- Man in the Middle:
  - A common attack on asymmetric crypto
  - With SSH, this means posing as another server and sending
    a spoofed host key
  - The SSH client records host keys, so it can detect attacks
    such as MiM
  - Most MiM programs can perform this key fake; SSH detects
    the attack by comparing keys and exits
  - Expressed more clearly: the recorded key is lost by playing
    with the key type or protocol version
    (see also http://stealth.7350.org/SSH/ssharp.pdf)
    -> result: the ssh client no longer exits, since it doesn't
    find the key to compare with
  - If everything is properly installed, a demo shows how the
    xterm pops up upon client connection. The attacker takes
    over the SSH session and the password is logged
  - This also shows that one-time passwords are not secure
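
A defender-side check for the gap described above, as an added example that is not from the talk or the speaker's tools: it compares an offered host key against recorded entries and flags a known host that presents an unrecorded key type, rather than skipping the comparison. The function names, verdict labels and sample entries are assumptions made for illustration.

```python
# Added example: classify a server-offered SSH host key against recorded
# known_hosts entries. All hosts and key blobs below are constructed.
from enum import Enum

class Verdict(Enum):
    MATCH = "key matches the recorded entry"
    CHANGED = "recorded key of this type differs"
    NEW_KEYTYPE = "host known, but only under other key types"
    UNKNOWN_HOST = "no entry for this host"

def parse_known_hosts(text):
    """Return {host: {keytype: blob}} for plain (unhashed) entries."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):       # @cert-authority / @revoked markers
            continue
        if len(fields) < 3 or fields[0].startswith("|1|"):  # malformed or hashed
            continue
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            table.setdefault(host, {})[keytype] = blob
    return table

def classify(table, host, keytype, blob):
    """Compare an offered (keytype, blob) with what is recorded for host."""
    recorded = table.get(host)
    if recorded is None:
        return Verdict.UNKNOWN_HOST
    if keytype not in recorded:
        # The case from the talk: no key of this type is on record, so a
        # naive client has nothing to compare. Flag it as suspicious.
        return Verdict.NEW_KEYTYPE
    return Verdict.MATCH if recorded[keytype] == blob else Verdict.CHANGED

# Constructed sample data (blobs are placeholders, not real keys).
SAMPLE = """\
# constructed known_hosts
server.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAA-constructed-rsa
backup.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-constructed-ed
"""
TABLE = parse_known_hosts(SAMPLE)
```

A `NEW_KEYTYPE` verdict for a host that already has an entry is the signal to verify the fingerprint out of band before continuing.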