Ssh MITM attack when using tor
jamuir at scs.carleton.ca
Fri Feb 2 21:29:33 UTC 2007
Bryan Fordham wrote:
> If someone were to upgrade/change their server OS or generate a new
> key for purely non-malicious reasons, this could happen, no?
> that's true. But if you disconnect, reconnect, and get the old key,
> something is funky.
> fwiw, that's what's happened to me. And I know the ssh key on the server
> hasn't changed.
Just because you upgrade your OS doesn't mean you should throw out all
your server's public keys. I would think that the server's maintainer
would migrate the public keys over to the new system (if they remember,
and if their hard drive hasn't crashed).
In any case, ssh public keys are self-created and are not validated by
TTPs. So, the very first time you connect to the server I don't think
you would be able to detect a mitm attack.
More information about the tor-talk