What does SSH protect against?
Ssh protects against (again, from the README): • IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. Ssh even protects against a spoofer on the local network, who can pretend he is your router to the outside. • IP source routing, where a host can pretend that an IP packet comes from another, trusted host. • DNS spoofing, where an attacker forges name server records • Interception of cleartext passwords and other data by intermediate hosts • Manipulation of data by people in control of intermediate hosts • Attacks based on listening to X authentication data and spoofed connection to the X11 server In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypt or play back the traffic, or hijack the connection. The above only holds if you actually use encryption. Ssh does have an option to use encryption of type “none” this is only for debugging purposes, and s
