On Sat, 2009-11-14 at 15:09 -0800, Eugeneapolinary Ju wrote:
> When I first log in to my router [192.168.1.1] through ssh, it says:
>
> The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established.
> RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
> Are you sure you want to continue connecting (yes/no)?
>
> that's OK [it gets stored in the known_hosts file, on my client machine].
>
> But:
>
> what happens, if someone turns off my router, then installs a pc with ip 192.168.1.1?
>
> And! - it spoofs _the same rsa fingerprint_, that was on my router.
>
> Then, when I want to log in to 192.168.1.1, I will type my password, and it will steal my password...
>
> So the question is:
>
> Could that be possible, to spoof the rsa_fingerprint? [because the router says the fingerprint when first logging in to it, etc., so could that be spoofed?]

The fingerprint is simply a hash of the router's full public key. Spoofing the fingerprint still won't enable the spoofer to understand encrypted communications sent to them (which will continue to use the router's genuine public key since the client hasn't noticed anything changed). The spoofer can't guess the private key from the public key without physical access to the router.

If the spoofer generates its own public/private key pair, the client will notice that the signature changed. That's the point of the warning message.

See http://www.securityfocus.com/infocus/1806

poc

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
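An added illustration, not part of the original thread: the colon-separated fingerprint in the prompt above is the MD5 hash of the host's public key blob, and on later connections the client compares the offered key with the blob stored in known_hosts. The key material below is constructed filler rather than a real RSA key, and `check_host_key` is a simplified stand-in for the client's lookup (plain, unhashed host names only).

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data       # 4-byte length prefix

def mpint(n: int) -> bytes:
    # SSH mpint: big-endian, leading zero byte when the top bit would be set
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def rsa_blob(e: int, n: int) -> bytes:
    # Wire format of an ssh-rsa public key: "ssh-rsa", exponent, modulus
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    # Legacy format shown in the prompt: 16 hex pairs joined by colons
    d = hashlib.md5(blob).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    # Format printed by current OpenSSH clients
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, offered: bytes) -> str:
    # "match", "mismatch" (the changed-key warning) or "unknown" (first contact)
    seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        if host in fields[0].split(","):
            seen = True
            if base64.b64decode(fields[2]) == offered:
                return "match"
    return "mismatch" if seen else "unknown"

def filler_modulus(label: bytes) -> int:
    # Constructed 2048-bit filler value, NOT a usable RSA modulus
    return int.from_bytes(hashlib.sha256(label).digest() * 8, "big") | 1

ROUTER_KEY = rsa_blob(65537, filler_modulus(b"constructed router key"))
IMPOSTOR_KEY = rsa_blob(65537, filler_modulus(b"constructed impostor key"))
KNOWN_HOSTS = "192.168.1.1 ssh-rsa " + base64.b64encode(ROUTER_KEY).decode() + "\n"

if __name__ == "__main__":
    for name, key in (("router", ROUTER_KEY), ("impostor", IMPOSTOR_KEY)):
        print(name, md5_fingerprint(key), sha256_fingerprint(key),
              check_host_key(KNOWN_HOSTS, "192.168.1.1", key))
```

A machine that offers the stored blob itself gets "match" from this comparison; what it cannot do without the private key is complete the key exchange signature that the client verifies against that public key.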