[OT] ssh security

perryh at pluto.rain.com perryh at pluto.rain.com
Tue Mar 9 08:30:56 UTC 2010

Angelin Lalev <lalev.angelin at gmail.com> wrote:
> So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
> These algorithms can defeat any attempts on eavesdropping, but cannot
> defeat man-in-the-middle attacks.  To defeat them, some pre-shared
> information is needed - key fingerprint.

What happened to Diffie-Hellman?  Last I heard, its whole point was
to enable secure communication, protected from both eavesdropping
and MIM attacks, between systems having no prior trust relationship
(e.g. any sort of pre-shared secret).  What stops the server and
client from establishing a Diffie-Hellman session and using it to
perform the key exchange?

More information about the freebsd-questions mailing list