Re: Need some education: Man-in-the-Middle Attacks



Nathan,
I've simplified this quite a bit, but I hope this is enough to answer
your question without getting too confusing. ;-)

Please, read the RFC 4253 and do not oversimplify the things: there is
no challenges in establishing the initial shared secret in SSH transport
layer.

You are refering to the wrong RFC, we are not talking about the
transport layer here, we are talking about the connection layer, info
on this can be found in RFC 4251(SSH Protocol Architecture - section
4.1).
Pardon me, but (citing RFC4251, section 4.1)
-----
The server host key is used during key exchange to verify that the
client is really talking to the correct server. For this to be
possible, the client must have a priori knowledge of the server's
public host key.
-----
And the key exchange is done in the transport layer.

Moreover, section 9.3.4 called 'Man-in-the-middle' recides in the section
9.3 called 'Transport' in the same RFC4251. Don't you think that is
means something ;))

The initial shared secret is established after you have performed the
host key checking.
Host key checking is performed during the Diffie-Helmann exchange
at least, see RFC4253, section 8.

Am I wrong?
--
Eygene