Ssh MITM attack when using tor

James Muir jamuir at
Fri Feb 2 21:29:33 UTC 2007

Bryan Fordham wrote:
>     If someone were to upgrade/change their server OS or generate a new
>     key for purely non-malicious reasons, this could happen, no? 
> that's true. But if you disconnect, reconnect, and get the old key, 
> something is funky.
> fwiw, that's what's happened to me. And I know the ssh key on the server 
> hasn't changed.

Just because you upgrade your OS doesn't mean you should throw out all 
your server's public keys. I would think that the server's maintainer 
would migrate the public keys over to the new system (if they remember, 
and if their hard drive hasn't crashed).

In any case, ssh public keys are self-created and are not validated by 
TTPs.  So, the very first time you connect to the server I don't think 
you would be able to detect a mitm attack.


More information about the tor-talk mailing list