|
|
|
|
|
|
by heinrich5991
1541 days ago
|
|
|
> If you engage in a proof of private key ownership for your login, a man in the middle can use that exchange to log into another server that has the same public key. No, this is not true. The proof of private key ownership is bound to that specific SSH session (identified by some shared secret established via DH). This means the attackers options are: MITM the DH: Then your authentication won't work against any server. Don't MITM the DH but forward your authentication to the wrong server: Then you're on the wrong server (you might not notice), but the attacker cannot look into your session or modify anything. |
|
|