> And if user authentication is done with public keys then a man in the
> middle attack isn't possible even if the attacker knows the private
> part of the host key.[...]

On Mon, Apr 19, 2010 at 12:06:33AM -0700, Doru Georgescu wrote:
> If the attacker knows the server's private host key, and all public
> keys, then it could impersonate the server in front of the client. Why
> not?

It can impersonate the server, but not perform a man in the middle
attack. Simplified, it's because it can't forge the Diffie-Hellman
exchange which affects the session ID which is signed by the user's key.
See the RFCs (4252 and 4253 I think) for a detailed explanation how it

Of course, this is probably mostly of interest in theory since a
compromised private server key may be an indication that the entire
server is compromised.
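A small simulation of the point made in the reply above: the session identifier is the exchange hash H, which depends on the Diffie-Hellman values of the particular connection, and the user's public-key signature covers that session identifier (RFC 4252 section 7), so a signature the client produced for one connection does not verify on another. This is added illustration code, not code from the thread, from OpenSSH or from the RFCs. It assumes a toy 2039-element Diffie-Hellman group with a Schnorr signature over the same group standing in for the real host and user key algorithms, and it follows the RFC 4253 section 8 exchange-hash layout and the RFC 4252 section 7 signed-data layout in outline only; the version strings, KEXINIT bytes, algorithm name and user name are constructed placeholders.

```python
import hashlib
import secrets

# Toy group p = 2q + 1 (both prime), G = 2^2 of order q.  Constructed for this
# example only; real SSH uses 2048-bit+ MODP groups or elliptic curves.
P, Q, G = 2039, 1019, 4
SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252
KEY_ALG = b"toy-schnorr"        # placeholder algorithm name


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (padded so it stays positive)."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return ssh_string(b"\x00" + b if b and b[0] & 0x80 else b)


def keygen():
    """Random exponent and its public element; used for DH shares and for keys."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x: int, msg: bytes):
    """Schnorr signature over the toy group (challenge = full SHA-256 value)."""
    k, r = keygen()
    e = int.from_bytes(hashlib.sha256(ssh_mpint(r) + msg).digest(), "big")
    return e, (k - x * e) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, e, P) % P   # equals g^k for a genuine signature
    return e == int.from_bytes(hashlib.sha256(ssh_mpint(r) + msg).digest(), "big")


def exchange_hash(host_y: int, e: int, f: int, k: int) -> bytes:
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 s8.
    Version and KEXINIT strings are fixed placeholders here."""
    return hashlib.sha256(
        ssh_string(b"SSH-2.0-toyclient") + ssh_string(b"SSH-2.0-toyserver")
        + ssh_string(b"KEXINIT-C") + ssh_string(b"KEXINIT-S")
        + ssh_string(ssh_string(KEY_ALG) + ssh_mpint(host_y))   # K_S, host key blob
        + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(k)).digest()


def userauth_signed_data(session_id: bytes, user_y: int) -> bytes:
    """What the client signs for publickey auth, RFC 4252 s7.  It starts with
    the session identifier, i.e. the exchange hash of *this* connection."""
    return (ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(b"alice") + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x01"
            + ssh_string(KEY_ALG) + ssh_string(ssh_mpint(user_y)))


def server_kex_reply(host_x: int, host_y: int, e: int):
    """Anyone holding host_x can answer KEXDH_INIT: returns (f, sig over H, H)."""
    y, f = keygen()
    h = exchange_hash(host_y, e, f, pow(e, y, P))
    return f, sign(host_x, h), h


def client_kex_finish(x: int, e: int, host_y: int, f: int, host_sig) -> bytes:
    """Client recomputes H, checks the host signature, keeps H as session_id."""
    h = exchange_hash(host_y, e, f, pow(f, x, P))
    if not verify(host_y, h, host_sig):
        raise ValueError("host key signature does not verify")
    return h


def honest_login(host_x, host_y, user_x, user_y) -> bool:
    x, e = keygen()                                   # client's DH share
    f, host_sig, sid_server = server_kex_reply(host_x, host_y, e)
    sid_client = client_kex_finish(x, e, host_y, f, host_sig)
    sig = sign(user_x, userauth_signed_data(sid_client, user_y))
    return verify(user_y, userauth_signed_data(sid_server, user_y), sig)


def mitm_relay_login(host_x, host_y, user_x, user_y):
    """Attacker holding the leaked host_x sits between client and server.
    Returns (client accepted attacker as server, server accepted relayed auth)."""
    # Leg 1, client <-> attacker: the stolen host key makes this leg look genuine.
    x, e = keygen()
    f1, host_sig1, _ = server_kex_reply(host_x, host_y, e)
    sid_client = client_kex_finish(x, e, host_y, f1, host_sig1)   # passes: real key
    # Leg 2, attacker <-> real server: the attacker does not know x, so it runs
    # its own exchange, whose hash (and thus session_id) differs from leg 1.
    x2, e2 = keygen()
    f2, host_sig2, sid_server = server_kex_reply(host_x, host_y, e2)
    client_kex_finish(x2, e2, host_y, f2, host_sig2)
    # The client signs over its own session_id; the attacker can only relay that.
    sig = sign(user_x, userauth_signed_data(sid_client, user_y))
    return True, verify(user_y, userauth_signed_data(sid_server, user_y), sig)


if __name__ == "__main__":
    hx, hy = keygen()
    ux, uy = keygen()
    print("direct login accepted:", honest_login(hx, hy, ux, uy))
    print("(impersonated, relayed auth accepted):", mitm_relay_login(hx, hy, ux, uy))
```

Running it prints True for the direct login and (True, False) for the relay: the client happily accepts the attacker as the server, since the stolen host key signs the exchange hash correctly, but the relayed user signature fails on the real server because it was made over a different session identifier. Password authentication gets no such protection, as the password itself would simply be forwarded.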



The attacker does not have some private decryption key? Anyway, this is too involved for me now, but thank you anyway. 
