Monkey in the Middle attack on SSH is very difficult to perform. I'm cc'ing Matt Bishop (bishop@cs.ucdavis.edu) who together with yours truly wrote a paper on this in 1997.
Well I saw a monkey do it in 10 minutes with ettercap. Sorry I did mention in 1 of my posts that the ssh key sniff was done using arp soofing, my text got lost somewhere along the line....
*Yawn* warning: Executing /opt/bin/ssh1 for ssh1 compatibility. Host key not found from the list of known hosts. !! If host key is new or changed, ssh1 protocol is vulnerable to an !! attack known as false-split, which makes it relativily easy to !! hijack the connection without the attack being detected. It is !! highly advisable to turn StrictHostKeyChecking to "yes" and !! manually copy host keys to known_hosts. Are you sure you want to continue connecting (yes/no)? It does not matter what kind of security system you have if you dont bother to actually engage it. Alex