
Re: Ssh MITM attack when using tor



Bryan Fordham wrote:

If someone were to upgrade/change their server OS or generate a new
key for purely non-malicious reasons, this could happen, no?



That's true. But if you disconnect, reconnect, and get the old key, something is funky.


FWIW, that's what's happened to me. And I know the ssh key on the server hasn't changed.

Just because you upgrade your OS doesn't mean you should throw out all your server's public keys. I would think that the server's maintainer would migrate the public keys over to the new system (if they remember, and if their hard drive hasn't crashed).


In any case, ssh public keys are self-created and are not validated by TTPs. So, the very first time you connect to the server I don't think you would be able to detect a MITM attack.

-James
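
The checks discussed in this thread, as an added example that is not part of the original messages: it classifies the host key seen on successive connections, showing that a first connection cannot be verified without an out-of-band fingerprint and that a key which changes and then reverts is not explained by a server-side key change. The function names, verdict labels and sample key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 host-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def classify(observations, pinned=None):
    """Label each (connection, key) observation for one host, in order.

    pinned is a fingerprint obtained out of band (assumption: the admin
    published it over a channel the attacker does not control).
    """
    seen, prev, verdicts = set(), None, []
    for label, key_b64 in observations:
        fp = fingerprint(key_b64)
        if pinned is not None:
            verdict = "verified" if fp == pinned else "mismatch-with-pinned"
        elif prev is None:
            verdict = "first-use-unverifiable"   # TOFU: nothing to compare to
        elif fp == prev:
            verdict = "unchanged"
        elif fp in seen:
            verdict = "reverted-to-earlier-key"  # server did not simply rotate
        else:
            verdict = "changed"                  # rotation or interception
        seen.add(fp)
        prev = fp
        verdicts.append((label, verdict))
    return verdicts

# Constructed stand-ins for key blobs; these are not real SSH keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
SAMPLE = [("connect-1", KEY_A), ("connect-2", KEY_B), ("connect-3", KEY_A)]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(*row)
    for row in classify(SAMPLE, pinned=fingerprint(KEY_A)):
        print(*row)
```

With a pinned fingerprint every connection, including the first, gets a definite verdict; without one, only the change and the revert are visible.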