Protecting SSH using known_hosts Hashing
NMS @ MIT CSAIL has a good article about why hackers target the known_hosts file when they first break into a system. The file lists the other hosts the user has connected to over SSH, so after one initial hack they can gain access to other systems without having to do all of the work of hacking into each one.
The basic premise of the fix is to hash the host names in the known_hosts file, either through a patch provided by the site or by upgrading to OpenSSH ver. 4.0. Some good things to remember when dealing with SSH.
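An added example, not code from the MIT article or from OpenSSH: a small audit that flags known_hosts entries whose host names are still stored in clear text, and shows how a hashed entry (the `|1|salt|hash` form, HMAC-SHA1 of the host name keyed with the salt) is still matched against a host the user asks for. The host names, salt and key blobs are constructed sample values.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def matches(hashed_field, host):
    """True if a hashed host field was derived from `host`."""
    parts = hashed_field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False  # not a hashed field, or malformed
    try:
        salt = base64.b64decode(parts[2], validate=True)
        want = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def audit(text):
    """Return (line_number, host_field) for every entry not yet hashed."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):
            findings.append((n, fields[0]))
    return findings

# Constructed sample file: one clear-text entry, one hashed entry.
SALT = bytes(range(20))  # fixed here for repeatability; real salts are random
SAMPLE = "\n".join([
    "# constructed sample, not real hosts or keys",
    "build.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER",
    hash_host("db.example.org", SALT) + " ssh-ed25519 AAAAC3PLACEHOLDER",
])

if __name__ == "__main__":
    for n, hosts in audit(SAMPLE):
        print("line %d: host names in clear text: %s" % (n, hosts))
```

On OpenSSH 4.0 or later, `ssh-keygen -H` converts an existing file to the hashed form and `HashKnownHosts yes` in ssh_config hashes new entries as they are added.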
################################
UPDATE
Bruce Schneier covers some of the implications of this type of hack, and Techworld also carries an article looking at similar ideas. The Techworld article covers some of the hacks which have used this kind of attack; the most prominent has been the theft of Cisco source code, along with hacks into major universities, corporations, national laboratories, super-computing centres and military institutions.
