[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Ssh MITM attack when using tor
On Fri, Feb 02, 2007 at 04:29:33PM -0500, James Muir wrote:
> In any case, ssh public keys are self-created and are not validated by
> TTPs. So, the very first time you connect to the server I don't think
> you would be able to detect a mitm attack.
This is why you should always establish the SSH key fingerprint through
some other mechanism before you try to connect. I've got the
fingerprints for servers I often connect to written down in my wallet.
Dave
--
Dave Page <grimoire@xxxxxxxxxxxxxxxxxxxxx>
Jabber: grimoire@xxxxxxxxxxxxxxx