[TriLUG] Semi-OT: Detecting HTTPS inspection? Does that compromise SSH?
Brian
lugmail at cheetah.dynip.com
Mon Jun 2 16:08:37 EDT 2014
Hi!

So I've recently heard our IT group say they're using HTTPS packet
inspection (!). So a question that immediately comes to my
less-than-expert mind is, "are they compromising my SSH traffic?"

Reading that I've done so far suggests that HTTPS inspection is achieved
via a MITM attack; doing so without detection involves various
manoeuvres involving CAs and such. So my browser could be quietly
accepting the MITM-ed HTTPS sessions if IT has already told it to accept
the different cert.

Seems like a MITM attack could also be used with an SSH session, but I
don't know enough about it to feel certain. What I've done so far is
verify that my client does see the correct RSA fingerprint of the
intended server. Is that enough for me to feel confident in the
security of my SSH tunneled traffic from our IT department's prying eyes?

Thanks,
~B
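
The fingerprint check mentioned in the message above, as an added example that is not part of the original post: it computes the fingerprint of the host key a client was offered and compares it with one obtained out of band, in both display formats OpenSSH uses (colon-separated MD5 and `SHA256:` base64), which goes beyond the single RSA case in the message. All function names, the host name and the key material are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_public_key(line):
    """Return (key_type, blob) from a .pub or known_hosts-style line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no supported key type on this line")
    # The blob starts with a length-prefixed copy of the key type; reject a
    # mislabeled or truncated line instead of fingerprinting it.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != field.encode():
        raise ValueError("key type does not match key blob")
    return field, blob

def fingerprints(blob):
    """Both display formats OpenSSH uses for a host key fingerprint."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_trusted(line, trusted):
    """Compare the offered key against a fingerprint obtained out of band."""
    fp = fingerprints(parse_public_key(line)[1])
    trusted = trusted.strip()
    if trusted.startswith("SHA256:"):
        offered = fp["sha256"]
    else:
        offered, trusted = fp["md5"], trusted.removeprefix("MD5:").lower()
    return hmac.compare_digest(offered.encode(), trusted.encode())

def constructed_line(host, modulus):
    """Constructed sample, not a real key: an ssh-rsa known_hosts line."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    real = constructed_line("server.example", b"\xa5" * 256)
    other = constructed_line("server.example", b"\x5a" * 256)
    # Stand-in for the value the server's administrator would supply.
    trusted = fingerprints(parse_public_key(real)[1])["sha256"]
    print("same key:", matches_trusted(real, trusted))
    print("substituted key:", matches_trusted(other, trusted))
```

The comparison is only as good as the channel the trusted fingerprint came through: a value read from the same network path that is being checked proves nothing.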