An academic study has shown how it’s possible for someone to snoop on certain devices’ SSH connections and, with a bit of luck, impersonate that equipment after silently figuring out the hosts’ private RSA keys. By impersonating these devices, in a man-in-the-middle attacks using those deduced private host keys, the spy would be able to quietly observe users’ login details and, by forwarding the connections to the real equipment, monitor those users’ activities with the remote SSH servers.
Source: The Register