Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

MiTM SSH session on a Cisco device talking TACACS+

Experts,

In this scenario the client is running putty for the SSH client.
He needs to authenticate to a Cisco router.
The Cisco router is talking TACACS+ to the ACS server.

If an attacker was able to successfully MITM the connection between the client and the router, would the client get any type of warning that the connection is untrusted?  
In the HTTP world, the user will get a warning in a form of a browser warning.
If it the destination was an SSH server, the user will get also get a warning.
I'm just not sure how they will get a warning if it was a Cisco device.
0
trojan81
Asked:
trojan81
1 Solution
 
SIM50Commented:
TACACS+ doesn't have integrity checking built in. If you would do MiTM attack, it would have no way to tell if it's original or modified.

Edit: I misread your question. If a client connected previously to a router/switch, it would already have ssh signature cached. If the signature would change, a client would be notified.
1

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now