Ssh MITM attack when using tor

Dave Page grimoire at
Sat Feb 3 01:29:57 UTC 2007

On Fri, Feb 02, 2007 at 04:29:33PM -0500, James Muir wrote:

> In any case, ssh public keys are self-created and are not validated by
> TTPs.  So, the very first time you connect to the server I don't think
> you would be able to detect a mitm attack.

This is why you should always establish the SSH key fingerprint through
some other mechanism before you try to connect. I've got the
fingerprints for servers I often connect to written down in my wallet.

Dave Page <grimoire at>
Jabber: grimoire at

More information about the tor-talk mailing list