Can an SSH server fingerprint be spoofed?
No, this is not possible. Depending on the key exchange mechanism in use, there are (slightly) different mechanisms for proving the identity of the server. This is defined in RFC 4253 where it requires "explicit server authentication." In the case of RSA (RFC 4432), the server signs a piece of data provided by the client (actually a hash of several pieces) with its private key and sends it back to the client. This signature proves that the server is in possession of the private key. Without this, there would be no protection at all against MITM attacks on SSH.
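To make the answer's two checks concrete, here is an added example (not code from the question or the answer, and not OpenSSH's implementation) that models the client side: the presented host key blob must hash to the pinned fingerprint, and the server's signature over the exchange hash must verify under that key. It uses an Ed25519 host key rather than the RSA case the answer cites, a deliberately simplified exchange hash (only the host key blob, a client nonce and the shared secret, not the full RFC 4253 field list), and constructed nonce and secret values; the names `Fingerprint`, `ExchangeHash`, `Respond` and `ClientVerify` are assumptions of this example. The fingerprint format (SHA-256 over the wire-format key blob, base64 without padding, prefixed `SHA256:`) matches what OpenSSH prints.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// sshString encodes b as an SSH wire-format "string" (4-byte big-endian length, then bytes).
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// readString decodes one wire-format string and returns the remainder.
func readString(b []byte) (s, rest []byte, ok bool) {
	if len(b) < 4 {
		return nil, nil, false
	}
	n := binary.BigEndian.Uint32(b)
	if uint64(len(b)-4) < uint64(n) {
		return nil, nil, false
	}
	return b[4 : 4+n], b[4+n:], true
}

// hostKeyBlob is the public host key as it appears in the server's key exchange reply:
// string "ssh-ed25519" followed by string <32-byte key>.
func hostKeyBlob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// Fingerprint is what known_hosts / ssh-keygen -l print: "SHA256:" + unpadded base64 of SHA-256(blob).
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// ExchangeHash is a simplified stand-in (assumption of this example) for the RFC 4253 exchange
// hash H. It binds the host key and per-session values, so a signature is only good for this session.
func ExchangeHash(blob, clientNonce, sharedSecret []byte) []byte {
	h := sha256.New()
	h.Write(sshString(blob))
	h.Write(sshString(clientNonce))
	h.Write(sshString(sharedSecret))
	return h.Sum(nil)
}

// Server holds a host key pair; the private half never leaves it.
type Server struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewServer() Server {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Server{priv: priv, Pub: pub}
}

// Reply models the server's key exchange reply: host key blob plus signature over H.
type Reply struct {
	HostKey []byte
	Sig     []byte
}

// Respond computes H for this session and signs it with the private host key.
func (s Server) Respond(clientNonce, sharedSecret []byte) Reply {
	blob := hostKeyBlob(s.Pub)
	return Reply{HostKey: blob, Sig: ed25519.Sign(s.priv, ExchangeHash(blob, clientNonce, sharedSecret))}
}

// ClientVerify performs the client's checks: pinned fingerprint first, then the signature over H
// under the key that was presented. Only the holder of the private key can pass both.
func ClientVerify(pinned string, r Reply, clientNonce, sharedSecret []byte) error {
	if fp := Fingerprint(r.HostKey); fp != pinned {
		return fmt.Errorf("host key fingerprint %s does not match pinned %s", fp, pinned)
	}
	keyType, rest, ok := readString(r.HostKey)
	if !ok || string(keyType) != "ssh-ed25519" {
		return fmt.Errorf("unsupported or malformed host key blob")
	}
	key, _, ok := readString(rest)
	if !ok || len(key) != ed25519.PublicKeySize {
		return fmt.Errorf("malformed ed25519 public key")
	}
	if !ed25519.Verify(ed25519.PublicKey(key), ExchangeHash(r.HostKey, clientNonce, sharedSecret), r.Sig) {
		return fmt.Errorf("signature over exchange hash does not verify: peer does not hold the private key")
	}
	return nil
}

func main() {
	srv, mitm := NewServer(), NewServer()
	nonce, secret := []byte("constructed-client-nonce"), []byte("constructed-shared-secret")
	pinned := Fingerprint(hostKeyBlob(srv.Pub)) // what the client stored in known_hosts

	fmt.Println("genuine server:", ClientVerify(pinned, srv.Respond(nonce, secret), nonce, secret))
	fmt.Println("MITM with own key:", ClientVerify(pinned, mitm.Respond(nonce, secret), nonce, secret))
	forged := mitm.Respond(nonce, secret)
	forged.HostKey = hostKeyBlob(srv.Pub) // relay the real blob, sign with the wrong key
	fmt.Println("MITM relaying real key:", ClientVerify(pinned, forged, nonce, secret))
}
```

The three runs show why the fingerprint alone is not the whole story: an attacker can copy the public key blob (and therefore the fingerprint) from the real server, but the client then demands a signature over a hash that includes its own fresh nonce, and that signature can only be produced with the private key. Replaying a signature captured from another session also fails, because the nonce differs.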