[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] SSH host key fingerprint - through HTTPS

Nice to hear from you!

I can only wish your suggestion is widely implemented. And don't forget those machines without domain.

Best Wishes,

On 2014-9-2 04:21, Jeroen van der Ham wrote:

On 1 Sep 2014, at 10:43, Stephanie Daugherty <sdaugherty@xxxxxxxxx> wrote:

Sure it shows me the fingerprint, but it doesn't tell me for sure if that's
the RIGHT fingerprint or the fingerprint of an imposter,

It's entirely possible that both myself and that site are BOTH falling
victim to a MITM attack.(routing attacks, DNS attacks, etc)

Proper host key verification (which nobody does) ideally means one or more
* Verification that the SSH host key is connected via certificate chain to
a trusted certificate,
* Comparison to a fingerprint being posted on the organization's OWN https
* Comparison to a fingerprint provided with a GPG or S/MIME signature from
the administrator of the machine.
* Voice verification of the host public key or its fingerprint with the
administrator of the machine.
* Obtaining a printed copy of the host public key or its fingerprint
directly from the administrator.

There is a way now, using the “magic” of DNSSEC and SSHFP records: http://tools.ietf.org/html/rfc4255

You use the DNSSEC hierarchy to create a trust chain. You can then securely publish a signed fingerprint of your SSH host key for that specific machine.