by washingupliquid 36 days ago
I'm supposed to believe MitM with the same exact keypair is somehow possible? Private keys are never exchanged. Did everybody forget how crypto works?

Yes you implicitly trust the public key on first login.... then just... immediately compare it with what's on your box?

Might as well seal your doors with duct tape to prevent ghosts from entering your home because this is equally effective.

2 comments

The author of this post understands that private keys are never exchanged. Read it more carefully.
How do you compare? What trusted channel do you use to retrieve the real public key?
Public keys go over untrusted channels. That's why they're public.

I'm not confident you understand how crypto works.

You do realize the entire threat model here is a house of cards perched atop someone else's software hosted on someone else's hardware all of which you implicitly trust and discard in favor of some unlikely cloak and dagger interception scheme.

Public keys can go over channels that an attacker can read. They cannot go over channels that an attacker can modify. (Which would include the SSH connection itself, until such time as you’ve verified the key through a trustworthy channel.)
A public key is useless without the private key. Which the attacker in this unlikely scenario doesn't have.

So you log in the first time and they either match, or they don't. If they don't, you start over. The end.

Ignore the fact that most people will probably use the box to host a poorly coded vulnerable service anyway.

If you’re being MITM’d, they’ll also match, because you’ll end up connected to an environment of the attacker’s choosing.
> in favor of some unlikely cloak and dagger interception scheme

someone who definitely understands how crypto works, describing the most basic possible MITM
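
An added example, not part of the thread: the host-key comparison the comments argue about, showing that a reference fingerprint only helps if it arrives over a channel the network path cannot modify. The key bytes are constructed, and the out-of-band source (a provider console) is an assumption.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_line(raw_key: bytes, comment: str) -> str:
    """Build an OpenSSH public key line from 32 constructed key bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def sha256_fingerprint(pubkey_line: str) -> str:
    """Fingerprint in the form ssh prints: SHA256 of the key blob, unpadded base64."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_verified(presented_line: str, reference_fp: str) -> bool:
    """True only if the key the connection presented matches the reference."""
    return hmac.compare_digest(sha256_fingerprint(presented_line), reference_fp.strip())


# Constructed sample keys (not real hosts).
REAL_HOST = make_ed25519_line(bytes(range(32)), "real-host")
OTHER_HOST = make_ed25519_line(b"\x41" * 32, "interposed-host")

# Assumption: this reference was read over a channel the network path cannot
# modify, e.g. the provider's console output for the new machine.
OUT_OF_BAND_FP = sha256_fingerprint(REAL_HOST)

# A reference read over the unverified session comes from whichever host
# answered, so it is that host's own fingerprint.
IN_BAND_FP = sha256_fingerprint(OTHER_HOST)

if __name__ == "__main__":
    print(host_key_verified(REAL_HOST, OUT_OF_BAND_FP))   # genuine host accepted
    print(host_key_verified(OTHER_HOST, OUT_OF_BAND_FP))  # unexpected host rejected
    print(host_key_verified(OTHER_HOST, IN_BAND_FP))      # in-band check passes anyway
```

The third result is the case described in the thread: when the reference is fetched through the session being verified, the comparison succeeds regardless of which host answered.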