> In the scenario that the OP hypothesized, yes, spoofing the
> fingerprint would help the attacker. A user who attempted to ssh to
> the router would not be warned that the host had changed and would
> submit their password to a rogue host.
>
> In answer to the original question, though, spoofing the fingerprint
> would be extraordinarily difficult.

I don't see any fingerprints stored in /etc/ssh/ssh_known_hosts or the
user's equivalent ~/.ssh/known_hosts, these are the actual public half
of the RSA keys. Spoofing these means breaking RSA and generating the
corresponding private pair. If someone could do this, I doubt they
would waste their talents on logging in to some poor schmuck's Fedora
box. There are much juicier and lucrative targets.

-wolfgang
--
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3 non-overlapping WIFI channels?

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
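The following is an added example, not part of the original post or of OpenSSH: it decodes a known_hosts entry to show that the file stores the RSA public key (e, n) itself, and that a fingerprint is only a hash computed from that key when needed. The host name `router.example`, the helper names, and the two moduli are constructed for illustration; the moduli are stand-in integers, not usable keys.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """SSH 'mpint': big-endian, with a leading zero byte if the top bit is set."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_known_hosts_line(host: str, e: int, n: int) -> str:
    """Build a constructed 'host ssh-rsa <base64 blob>' entry for the demo."""
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

def parse_known_hosts_line(line: str) -> dict:
    """Decode the stored public key: the file holds (e, n), not a fingerprint."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if len(fields) != 3 or fields[0].decode() != key_type:
        raise ValueError("blob does not match the declared key type")
    return {"hosts": hosts.split(","), "type": key_type, "blob": blob,
            "e": int.from_bytes(fields[1], "big"),
            "n": int.from_bytes(fields[2], "big")}

def fingerprints(blob: bytes) -> dict:
    """Fingerprints are hashes computed from the public key blob on demand."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def host_key_matches(stored_line: str, presented_blob: bytes) -> bool:
    """Compare the full presented public key with the stored one."""
    return parse_known_hosts_line(stored_line)["blob"] == presented_blob

# Constructed stand-in values, not usable RSA moduli.
STORED_N = (1 << 2047) + 12345
OTHER_N = (1 << 2047) + 54321
STORED_LINE = make_known_hosts_line("router.example", 65537, STORED_N)
OTHER_BLOB = parse_known_hosts_line(
    make_known_hosts_line("router.example", 65537, OTHER_N))["blob"]
```

On a real system, `ssh-keygen -l -f ~/.ssh/known_hosts` prints the fingerprints derived from the stored keys in the same way.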