please decrypt your manuals
Doru Georgescu
headset001 at yahoo.com
Mon Apr 19 17:06:33 EST 2010
On Wed, Apr 07, 2010 at 09:24:57PM +0200, Peter Stuge wrote:
> MITM is easy if the TCP session can be rerouted, but it's not
> possible to perform an undetected MITM attack without access to the
> server host key.
And if user authentication is done with public keys then a man in the
middle attack isn't possible even if the attacker knows the private part
of the host key. At least not unless the server or the client has been
compromised in other ways, e.g. if it is using a broken random number
generator.
----------------
If the attacker knows the server's private host key, and all public keys, then it could impersonate the server in front of the client. Why not?
Doru
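
The following is an added example, not part of the original thread or of OpenSSH. It models why the public-key user signature defined in RFC 4252 section 7 cannot be relayed: the signature covers the session identifier (the exchange hash H of RFC 4253), and a man in the middle has to run two separate key exchanges, which yield two different H values. Assumptions: a toy 127-bit group, a textbook Schnorr signature standing in for the user key algorithm, a simplified H (the real one also hashes version strings and KEXINIT payloads), and constructed names and request bytes.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3  # toy group (constructed; far too small for real use)

def i2b(n: int) -> bytes:
    return n.to_bytes(16, "big")

def h(*parts: bytes) -> bytes:
    # Length-prefixed SHA-256 over all parts
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def sign(priv: int, msg: bytes):
    # Textbook Schnorr, used only as a stand-in for the user's key algorithm
    k, r = keygen()
    e = int.from_bytes(h(i2b(r), msg), "big")
    return r, (k + priv * e) % (P - 1)

def verify(pub: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = int.from_bytes(h(i2b(r), msg), "big")
    return pow(G, s, P) == (r * pow(pub, e, P)) % P

def kex(host_pub: int) -> bytes:
    # One Diffie-Hellman exchange; returns the session id H = hash(K_S, e, f, K)
    a, e = keygen()   # initiator's ephemeral key pair
    _, f = keygen()   # responder's ephemeral public value
    return h(i2b(host_pub), i2b(e), i2b(f), i2b(pow(f, a, P)))

def demo():
    _, host_pub = keygen()          # host key: assumed fully known to the attacker
    user_priv, user_pub = keygen()  # user key: private half never leaves the client
    request = b"userauth-request|alice|ssh-connection|publickey"  # constructed

    # Direct connection: client and server share one session id.
    sid = kex(host_pub)
    ok_direct = verify(user_pub, sid + request, sign(user_priv, sid + request))

    # Interception: one exchange per leg, so each leg has its own session id.
    client_leg, server_leg = kex(host_pub), kex(host_pub)
    relayed = sign(user_priv, client_leg + request)   # what the client signs
    ok_relayed = verify(user_pub, server_leg + request, relayed)  # what the server checks
    return ok_direct, ok_relayed, client_leg != server_leg

if __name__ == "__main__":
    print(demo())
```

In this model, holding the host private key lets the intercepting party complete the key exchange with the client, but the signature it receives is bound to that leg's session identifier and fails verification on the server leg.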
More information about the openssh-unix-dev mailing list