Re: MIM not possible against secure (ie most) SSL
Try to use ettercap with etter.filter.ssh filter.
It tries to convince the client that the server only support ssh v1 (if it supports both). So if you run simply ssh it will look up on known_hosts keys (not known_hosts2). If you always use ssh with v2 by default you don't have the right key in known_hosts so no warning pop-up but a simple "do you want to add..."
Good Work Guys!