Eugeneapolinary Ju wrote: > When I first log in to my router [192.168.1.1] through ssh, it says: > > The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established. > RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74. > Are you sure you want to continue connecting (yes/no)? > > that's OK [it gets stored in the known_hosts file, on my client machine]. > > But: > > what happens, if someone turns off my router, then installs a pc > with ip 192.168.1.1? > > And! - it spoofs _the same rsa fingerprint_, that was on my router. > > Then, when I want to log in to 192.168.1.1, I will type my > password, and it will stole my password... > > > So the question is: > > Could that be possible, to spoof the rsa_fingerprint? [because > the router say's the fingerprint when first logging in to it, etc..so > could that be spoofed?] > Only if they can get a copy of the host's private key. When the host is added to the known_hosts file, what you are really adding it the hosts public key. This is used to exchange encrypted messages between the two computers to establish that the server you are connecting to is the server it says it is. This can not be done if you do not have the server's public key. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
