MiTM SSH session on a Cisco device talking TACACS+
Posted on 2016-11-02
In this scenario the client is running putty for the SSH client.
He needs to authenticate to a Cisco router.
The Cisco router is talking TACACS+ to the ACS server.
If an attacker was able to successfully MITM the connection between the client and the router, would the client get any type of warning that the connection is untrusted?
In the HTTP world, the user will get a warning in a form of a browser warning.
If it the destination was an SSH server, the user will get also get a warning.
I'm just not sure how they will get a warning if it was a Cisco device.