• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 153
  • Last Modified:

MiTM SSH session on a Cisco device talking TACACS+


In this scenario the client is running putty for the SSH client.
He needs to authenticate to a Cisco router.
The Cisco router is talking TACACS+ to the ACS server.

If an attacker was able to successfully MITM the connection between the client and the router, would the client get any type of warning that the connection is untrusted?  
In the HTTP world, the user will get a warning in a form of a browser warning.
If it the destination was an SSH server, the user will get also get a warning.
I'm just not sure how they will get a warning if it was a Cisco device.
1 Solution
TACACS+ doesn't have integrity checking built in. If you would do MiTM attack, it would have no way to tell if it's original or modified.

Edit: I misread your question. If a client connected previously to a router/switch, it would already have ssh signature cached. If the signature would change, a client would be notified.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now