Bryan,

The way to stop the mitm attack is to pre-install the server's host key in the client's known_hosts file and set up the client so it won't connect to a host that doesn't match the pre-installed key. This key is the public key of the host and is used in a challenge-response authentication to make sure that the host you are contacting actually holds the matching private key (server authentication).
HTH,
Nathan

On 8/29/06, Christ, Bryan <[EMAIL PROTECTED]> wrote:
All,

Please pardon my naivete. I was looking at the diagram on the URL listed below and contemplating how host fingerprinting prevents MITM attacks.

http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html

So my question is this... Given the illustration in the URL above, what prevents Eve from *first* contacting Alice to obtain a fingerprint which then gets passed to Bob on the first connection attempt?
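The strict check against a pre-installed known_hosts entry that the reply describes, as an added example that is not part of the original thread. The host name `alice.example.com`, the address, the key blobs and all function names are constructed for illustration; hashed (`|1|...`) and `@`-marker known_hosts entries are not handled.

```python
import base64
import hashlib

def make_blob(seed: bytes) -> str:
    """Build a constructed (not real) ssh-ed25519 public key blob, base64 encoded."""
    ktype = b"ssh-ed25519"
    material = hashlib.sha256(seed).digest()  # stand-in for the 32 key bytes
    raw = b"".join(len(p).to_bytes(4, "big") + p for p in (ktype, material))
    return base64.b64encode(raw).decode()

ALICE_KEY = make_blob(b"alice-host-key")  # the server's public host key (constructed)
EVE_KEY = make_blob(b"eve-host-key")      # a different key offered by an interposer

# Constructed known_hosts content, installed on the client before first contact.
KNOWN_HOSTS = (
    "# pre-installed by the administrator\n"
    f"alice.example.com,192.0.2.10 ssh-ed25519 {ALICE_KEY}\n"
)

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pinned_keys(known_hosts_text: str, host: str) -> list:
    """Return (key type, blob) pairs pinned for a plain-text host name."""
    keys = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host in fields[0].split(","):
            keys.append((fields[1], fields[2]))
    return keys

def check_host_key(known_hosts_text: str, host: str, ktype: str, blob: str) -> str:
    """Strict policy: connect only when the offered key equals a pinned key."""
    pinned = pinned_keys(known_hosts_text, host)
    if not pinned:
        return "reject: no pinned key"  # never trust on first use
    if (ktype, blob) in pinned:
        # A match only selects the public key; the server must still prove it
        # holds the matching private key during the handshake.
        return "match"
    return "reject: key mismatch"

if __name__ == "__main__":
    print(fingerprint(ALICE_KEY))
    print(check_host_key(KNOWN_HOSTS, "alice.example.com", "ssh-ed25519", EVE_KEY))
```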