[olug] Making SSH key distribution and verification easier

Dan Linder dan at linder.org
Fri Feb 10 13:49:18 UTC 2012


Interesting, but this comment made me think a second:
> For the fun of it, i put some SSHFP keys into a DNS server because the
> documentation in man ssh was just too easy.  (However, since we are
> not doing DNSSEC yet, it does not do much.)

What happens if things are turned on their head and a "bad guy" can
spoof an update to your DNS and adds his own SSH key into your DNS
entries?  If you've started going down the SSH-key-in-DNS route and
set up your ssh clients to authenticate based on this information, it's
possible to have your communication exposed by someone who injects
their own SSH key and performs a MITM attack, isn't it?

This is probably harder to do on the whole Internet, but I can imagine
some forward-thinking IT teams implementing this (so they don't have
to constantly say "yes, I trust this fingerprint"), and having an
untrustworthy employee hack the internal DNS system to gain an
information foothold.

These might be movie-plot scenarios, but still viable I think.  Or did
I miss something that should mitigate this?

Don't get me wrong, I'm still for storing the SSH information in the
DNS once DNSSEC is implemented.  I just don't want the whole world
jumping to "B" when "A" is necessary but missing.  (But then 20 years
ago it was the norm to use "telnet" and send your password over the
network in the clear...)

Dan
-- 
***************** ************* *********** ******* ***** *** **
"Quis custodiet ipsos custodes?"
    (Who can watch the watchmen?)
    -- from the Satires of Juvenal
"I do not fear computers, I fear the lack of them."
    -- Isaac Asimov (Author)
** *** ***** ******* *********** ************* *****************
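The mitigation Dan is asking about is the one the OpenSSH client already applies: with `VerifyHostKeyDNS=yes` a matching SSHFP record is only trusted implicitly when the resolver returned it with the AD (authentic data) flag, i.e. DNSSEC-validated; an unvalidated match is treated as a hint and the user is still asked to confirm the fingerprint. The following script is an added illustration of that rule, not code from the thread or from OpenSSH. It computes SSHFP RDATA from a public key line the way `ssh-keygen -r` does (digest over the decoded key blob, algorithm and fingerprint-type numbers from RFC 4255/6594/7479), and shows the three verdicts a client can reach. The host key, the zone owner name and the `dns_answer` dict are constructed for the example; a real client would get the AD flag from its validating resolver.

```python
import base64
import hashlib
import struct

# SSHFP algorithm and fingerprint-type numbers (RFC 4255, RFC 6594, RFC 7479)
SSHFP_ALGO = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_FPTYPE = {"sha1": 1, "sha256": 2}
FPTYPE_NAME = {v: k for k, v in SSHFP_FPTYPE.items()}


def sshfp_from_pubkey(pubkey_line, fptype="sha256"):
    """Return SSHFP RDATA (algorithm, fptype, hex fingerprint) for one
    known_hosts-style public key line. As with `ssh-keygen -r`, the
    fingerprint is the digest of the decoded key blob, not of the text."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    return (SSHFP_ALGO[keytype], SSHFP_FPTYPE[fptype], hashlib.new(fptype, blob).hexdigest())


def sshfp_zone_line(owner, pubkey_line, fptype="sha256"):
    """Render the record as it would appear in a zone file."""
    algo, ft, fp = sshfp_from_pubkey(pubkey_line, fptype)
    return f"{owner} IN SSHFP {algo} {ft} {fp}"


def host_key_verdict(pubkey_line, dns_answer):
    """Decide what an SSHFP lookup says about the key a server presented.

    dns_answer is a constructed dict with:
      "records": list of (algorithm, fptype, hexfingerprint) tuples
      "ad":      True only if the resolver set the AD flag, i.e. the
                 answer was DNSSEC-validated
    Mirrors the OpenSSH VerifyHostKeyDNS rule: a matching record is
    authoritative only when validated; otherwise it is just a hint and
    the user still has to confirm the fingerprint.
    """
    matched = False
    for algo, ft, fp in dns_answer["records"]:
        name = FPTYPE_NAME.get(ft)
        if name is None:
            continue  # unknown fingerprint type: ignore this record
        if sshfp_from_pubkey(pubkey_line, name) == (algo, ft, fp.lower()):
            matched = True
    if not matched:
        return "mismatch"      # DNS disagrees with the presented key: stop, possible MITM
    if not dns_answer["ad"]:
        return "unverified"    # match, but the DNS answer itself is unauthenticated
    return "verified"


def _constructed_ed25519_line():
    """Constructed sample host key: an ssh-ed25519 blob with a dummy
    32-byte point (not a real key; built inline so this runs offline)."""
    keytype = b"ssh-ed25519"
    point = bytes(range(32))
    blob = struct.pack(">I", len(keytype)) + keytype + struct.pack(">I", len(point)) + point
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


HOST_KEY = _constructed_ed25519_line()


if __name__ == "__main__":
    print(sshfp_zone_line("host.example.com.", HOST_KEY))
    good = {"ad": True, "records": [sshfp_from_pubkey(HOST_KEY)]}
    print(host_key_verdict(HOST_KEY, good))                    # verified
    print(host_key_verdict(HOST_KEY, dict(good, ad=False)))    # unverified
    forged = {"ad": True, "records": [(4, 2, "00" * 32)]}      # constructed bogus record
    print(host_key_verdict(HOST_KEY, forged))                  # mismatch
```

The "unverified" branch is exactly the case in the quoted post (SSHFP published, no DNSSEC yet): the record is harmless but adds no security, and the client must keep prompting. The "mismatch" branch is what a spoofed record produces when it does not match the real host key; a spoofed record that the attacker also backs with their own server key would only be accepted with `ad` set, which is why DNSSEC validation at the client's resolver is the prerequisite.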