Please enter the private key here:

Great job, now you are a 'Man In The Middle' between Anderson and VSA. While waiting for some traffic, you run nmap against VSA's servers and find that only one SSH port is open to the public. This means you don't have a chance to change the traffic between VSA and Anderson (because it is encrypted and integrity checked), so you can't replace your good program with the evil one. After banging your head against the wall, you read some posts from Anderson on public forums and finally find something. Here is a small suggestion from Anderson on using SSH:

"We strongly recommend that our clients check the fingerprint for first-time communication, but we know how long these fingerprints are, so we recommend only checking the first 2 and the last bytes in hexa values in the fingerprint. Believe us, we really know what security is about..."

Here you can download the public key for the VSA SSH server.
VSA public key

In this context, fingerprint means a hex digest of a public key. Your job is to create a 1024-bit SSH RSA2 private key whose corresponding fingerprint can trick the Anderson fingerprint matching protocol. This means that the first 2 bytes and the last byte (as hex values) of the corresponding fingerprint must be the same as in VSA's public key fingerprint.

For example, if the current SSH key fingerprint looks like this:
12:34:56:78:AA:BB:CC:DD:EE:FF:11:12:13:14:15:16

you have to create a private key whose corresponding public key fingerprint is
12:34:.*:16
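
The partial check described above, set beside a full comparison, as an added example that is not part of the original challenge page. The function names, the second fingerprint and the sample key blob are constructed for illustration; the code also shows how the legacy MD5 and current SHA256 fingerprint strings are derived from an OpenSSH public key line.

```python
import base64
import hashlib
import hmac
import struct

def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 field of an OpenSSH 'type base64 [comment]' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob")
    return blob

def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated hex digest, the form the text refers to."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Current OpenSSH default form: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def partial_match(seen: str, pinned: str) -> bool:
    """The quoted advice: compare the first 2 bytes and the last byte only."""
    s, p = seen.lower().split(":"), pinned.lower().split(":")
    return s[:2] == p[:2] and s[-1] == p[-1]

def full_match(seen: str, pinned: str) -> bool:
    """Compare every byte of the fingerprint."""
    return hmac.compare_digest(seen.lower(), pinned.lower())

# Constructed sample data: the example fingerprint from the text and a
# made-up fingerprint that differs in all 13 middle bytes.
PINNED = "12:34:56:78:AA:BB:CC:DD:EE:FF:11:12:13:14:15:16"
OTHER = "12:34:00:00:00:00:00:00:00:00:00:00:00:00:00:16"
CHECKED_BITS = 3 * 8  # bits the partial check actually inspects

def _field(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

# Constructed blob (not a real key): type string plus two small integers.
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00\xc3\x51")
).decode() + " constructed"
```

The partial check inspects 24 of the fingerprint's 128 bits, so `OTHER` passes it while failing the full comparison.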

Once you have this private key file, paste it in OpenSSH format, without password protection, so your SSHarp tool can use it.

Hint: playing with the parameters helped me to find 3 "good enough" private keys in 1 minute.


hidden hint: Search for fuzzy fingerprinting. You can find the tool with other search words, but that's the tool you really need.