Re: spoof rsa fingerprint

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eugeneapolinary Ju wrote:
> When I first log in to my router [192.168.1.1] through ssh, it says:
> 
> The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established.
> RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
> Are you sure you want to continue connecting (yes/no)?
> 
> that's OK [it gets stored in the known_hosts file, on my client machine].
> 
> But:
> 
> what happens, if someone turns off my router, then installs a pc
> with ip 192.168.1.1?
> 
> And! - it spoofs _the same rsa fingerprint_, that was on my router.
> 
> Then, when I want to log in to 192.168.1.1, I will type my
> password, and it will stole my password...
> 
> 
> So the question is:
> 
> Could that be possible, to spoof the rsa_fingerprint? [because
> the router say's the fingerprint when first logging in to it, etc..so
> could that be spoofed?]
> 
Only if they can get a copy of the host's private key. When the host
is added to the known_hosts file, what you are really adding it the
hosts public key. This is used to exchange encrypted messages
between the two computers to establish that the server you are
connecting to is the server it says it is. This can not be done if
you do not have the server's public key.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux