
| From: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
| It is not that simple. DH key exchange works and has been used for a
| long time now because it works.

Yes, but it doesn't prevent man-in-the-middle attacks. For that you need authentication.

SSH does a few things for authentication.

SSH hosts have keys. An SSH client warns the user if a host's key has changed since the last time they talked. This puts little burden on the user and yet gives some security. But it won't detect a man-in-the-middle that was there from first contact.

Users can authenticate with a client via passwords or via a public key. Both require out-of-band installation of credentials. I think that the password will travel over the wire when authenticating, but encrypted. But a spoofing server could collect passwords. With a public key system (like RSA), only a signature goes over the wire. So a spoofing server could not collect the key.

Things get a little more intricate when you use ssh-agent for forwarding authentication.
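The host-key memory described in the message, as an added illustration that is not part of the original post: a trust-on-first-use store catches a key that changes after a genuine first contact, but pins an interposed key if the interposer was there from the start. The keys, hostnames and the `KnownHosts` class are constructed stand-ins, not OpenSSH's real key format or known_hosts file.

```python
import hashlib

# Constructed demo of an SSH client's trust-on-first-use host-key memory.
# Keys are stand-in byte strings; the store mimics the behaviour, not the
# OpenSSH known_hosts format.

def fingerprint(host_key: bytes) -> str:
    """Short SHA-256 fingerprint of a presented host key (hypothetical helper)."""
    return hashlib.sha256(host_key).hexdigest()[:16]

class KnownHosts:
    """Remembers the first key each host presented and flags later changes."""

    def __init__(self):
        self.pinned = {}  # hostname -> fingerprint seen on first contact

    def connect(self, host: str, presented_key: bytes) -> str:
        fp = fingerprint(presented_key)
        stored = self.pinned.get(host)
        if stored is None:
            self.pinned[host] = fp  # nothing to compare against, so trust it
            return "first-contact"
        return "match" if stored == fp else "MISMATCH"

GENUINE_KEY = b"constructed-genuine-host-key"
INTERPOSED_KEY = b"constructed-interposed-host-key"

def interposer_after_first_contact() -> list:
    """Genuine first contact, then a different key: the client warns."""
    kh = KnownHosts()
    return [kh.connect("server", GENUINE_KEY),
            kh.connect("server", INTERPOSED_KEY)]

def interposer_from_first_contact() -> list:
    """Wrong key present from the start: it gets pinned, and the client
    later warns about the genuine server instead."""
    kh = KnownHosts()
    return [kh.connect("server", INTERPOSED_KEY),
            kh.connect("server", INTERPOSED_KEY),
            kh.connect("server", GENUINE_KEY)]

if __name__ == "__main__":
    print(interposer_after_first_contact())  # ['first-contact', 'MISMATCH']
    print(interposer_from_first_contact())   # ['first-contact', 'match', 'MISMATCH']
```

The second scenario is the limitation the message points out: the warning only ever compares against whatever key was seen first, so the out-of-band check of a host's fingerprint on first contact is what closes the gap.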