Ssh MITM attack when using tor

Bryan Fordham bfordham at
Fri Feb 2 21:31:55 UTC 2007

> In any case, ssh public keys are self-created and are not validated by
> TTPs.  So, the very first time you connect to the server I don't think
> you would be able to detect a mitm attack.

unless you knew the key's fingerprint. Otherwise, no, you wouldn't detect
it. Until the next time you connected through tor, and you got the real key
8) Ironically you'd think the real was the fake, I guess.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list