Ssh MITM attack when using tor
grimoire at sparky.ox.compsoc.net
Sat Feb 3 01:29:57 UTC 2007
On Fri, Feb 02, 2007 at 04:29:33PM -0500, James Muir wrote:
> In any case, ssh public keys are self-created and are not validated by
> TTPs. So, the very first time you connect to the server I don't think
> you would be able to detect a mitm attack.
This is why you should always establish the SSH key fingerprint through
some other mechanism before you try to connect. I've got the
fingerprints for servers I often connect to written down in my wallet.
Dave Page <grimoire at sparky.ox.compsoc.net>
Jabber: grimoire at jabber.earth.li
More information about the tor-talk