man-in-the-middle attack: say you ssh from aaa to ccc. somewhere along the
line some hacker at bbb intercepts your stream (like, from the start of
the connection). He/she can then connect you to their sshd, which will
then forward to ccc.
what does this acheive? he is dycrypting the data, reading it, before
resending it to ccc. so all your "secure" data is compromised. you think
you are tramsmitting directly to ccc, and are blissfully unaware of what
is going on/
not very likely to happen, but it can/does occur. not just ssh either.
means that even ssh is vulnerable, but you can fix that by already having
a copy of bbb's key. also, if you have connected to ccc previously, you
should have a copy of the key stored locally, so ssh should give you a
warning if the keys are different.
clear as mud?
chris.
On Sun, 12 Mar 2000, Chad W. Skinner wrote:
> > AND I don't have to worry about the man-in-the-middle attack.
>
> Never heard of this one what is it?
>
> Chad
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
>
A bus station is where a bus stops.
A train station is where a train stops.
On my desk, I have a work station......
Chris Dowling.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
