34 Chapter 2 Connecting to Remote Computers
Be sure this is the correct key before accepting it. If possible, provide users with the
encryption key through FTP, mail, or a download from the web, so they can be sure of
the identity of the server.
If you later see a warning message about a man-in-the-middle attack (see below) when
you try to connect, it might be because the key on the remote computer no longer
matches the key stored on the local computer. This can happen if you:
• Change your SSH configuration on the local or remote computer.
• Perform a clean installation of the server software on the computer you are attempting to log in to using SSH.
• Start up from a Mac OS X Server CD on the computer you are attempting to log in to using SSH.
• Attempt to use SSH to access a computer that has the same IP address as a computer that you used SSH with on another network.
To connect again, delete the entries corresponding to the remote computer (which can
be stored by name and IP address) in the file ~/.ssh/known_hosts.
An SSH Man-in-the-Middle Attack
Sometimes an attacker can access your network and compromise routing information,
so that packets intended for a remote computer are routed to the attacker, who then
impersonates the remote computer to the local computer and the local computer to
the remote computer.
Here’s a typical scenario: A user connects to the remote computer using SSH. By means
of spoofing techniques, the attacker poses as the remote computer and receives
information from the local computer. The attacker then relays the information to the
intended remote computer, receives a response, and then relays the remote computer’s
response to the local computer.
Throughout the process, the attacker is privy to all information that goes back and
forth, and can modify it.
A sign that can indicate a man-in-the-middle attack is the following message that
appears when connecting to the remote computer using SSH.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Protect against this type of attack by verifying that the host key sent back is the correct host
key for the computer you are trying to reach. Be watchful for the warning message, and
alert your users to its meaning.
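The following is an added example, not part of the original guide, of the check described above: it parses known_hosts text, finds every entry stored for a server by name or by IP address (including hashed entries), and compares each key's SHA256 fingerprint with one obtained out of band. The host names, the address, the salt and the keys are constructed sample values, and wildcard patterns and marker lines are assumed not to be in use.

```python
import base64, hashlib, hmac, struct

def fingerprint(b64_key):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match one host field item, plain or hashed (|1|salt|HMAC-SHA1)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return pattern == host  # assumption: no wildcard or negated patterns

def check_host(known_hosts_text, names, trusted_fp):
    """Return (line_no, key_type, fingerprint, ok) for entries naming `names`."""
    results = []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments, marker lines (@cert-authority, @revoked), junk.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, key_type, b64_key = fields[:3]
        if any(host_matches(p, n) for p in hosts.split(",") for n in names):
            fp = fingerprint(b64_key)
            results.append((no, key_type, fp, fp == trusted_fp))
    return results

# --- Constructed sample data: not real host keys, names or addresses ---
def make_key(seed):
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

def hashed(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

GOOD, STALE = make_key(1), make_key(2)  # GOOD plays the key received out of band
SAMPLE = "\n".join([
    "server.example.com ssh-ed25519 " + GOOD,
    "# entry below was recorded for the same IP address on another network",
    hashed("192.0.2.10") + " ssh-ed25519 " + STALE,
    "other.example.com ssh-ed25519 " + STALE,
])

if __name__ == "__main__":
    for row in check_host(SAMPLE, ["server.example.com", "192.0.2.10"], fingerprint(GOOD)):
        print(row)
```

Entries reported with `ok` set to False are the ones that would trigger the warning; delete them only after the fingerprint the server presents has been confirmed against the trusted copy.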