On Thu May 22 2008, Mike McGrath wrote:
So what you're saying is it is impossible to do a man in the
middle attack
with OpenSSH (assuming the host keys of the server haven't been
compromised) ?
I am saying that the information an attackers gets when a user logs in with
public-key authentication to a server under the attackers control is not
enough to allow the attacker to login into another machine the user can login
to.
Regards,
Till