[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

ssh man-in-the-middle attack

Someone reported similar behavior a while back, so I figured I'd mention this:

yesterday while using ssh over tor, ssh complained loudly that the key
on the remote server had changed. I knew it had not. I canceled the
operation, tried again, and everything worked as normal.

The key fingerprint was: 44:7b:f7:9f:44:9a:a4:de:be:f5:e6:a7:0e:e1:a2:ff

I've only had this happen once. The moral is: know the fingerprint of
the server you're connecting to when connecting for the first time