Expansion of privileges. If a malicious actor is already in your network, but doesn’t have domain admin rights yet, for example, taking control of all the machines that connect to a server they do have control over would be helpful in a variety of ways.
> If a malicious actor is already in your network ...
Then you're talking about a man-in-the-middle attack, which I acknowledge as a problem.
I don't agree that fixing bugs which date back to the completely insecure rcp program is the key to solving man-in-the-middle attacks in the SSH suite.
If you have to put in defenses at that level, you've already lost; the goal must be to eliminate or minimize the threat of a MITM attack on the authentication system.
This nonsense is analogous to putting a layer of Pig Latin and ROT-13 into the protocol in case the attacker breaks the AES cipher.