please decrypt your manuals

Doru Georgescu headset001 at yahoo.com
Mon Apr 19 17:06:33 EST 2010


On Wed, Apr 07, 2010 at 09:24:57PM +0200, Peter Stuge wrote:
> MITM is easy if the TCP session can be rerouted, but it's not
> possible to perform undetected MITM attack without access to the
> server host key.

And if user authentication is done with public keys then a man in the
middle attack isn't possible even if the attacker knows the private part
of the host key. At least not unless the server or the client has been
compromised in other ways, e.g. if it is using a broken random number
generator.

----------------

If the attacker knows the server's private host key, and all public keys, then it could impersonate the server in front of the client. Why not? 

Doru 




      


More information about the openssh-unix-dev mailing list