> SSH Protocol Weakness Advisory Monday, July 22 2002 - rtm
It's not really a protocol weakness, it's an annoyance caused by
the fact that there are multiple type of hostkeys, see the
discussion at
http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
Ssharp uses clever tricks to attack users by exploiting this
annoyance. However, a MITM attack is always possible if the ssh
client prints:
The authenticity of host 'jajajaja' can't be established.
The client in the next OpenSSH release will print out all known
keys for a host if a server (or MITM) sends an unknown host key
of a different type.
E.g. if you connect to a host with protocol v2 for the first
time, then the client warns you if you already have a key
for protocol v1, and so on.
That said, I'd like to repeat:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'jajajaja' can't be established.
So better verify the key fingerprints.
Moreover, protocol version 2 with public key authentication allows
you to detect MITM attacks.
