On Mon, 17 Jan 2011, Michael Halcrow wrote:

>> # securiSH SHell: Make it easy to ssh without worrying about host keys.
>> alias shsh="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
>
> At a security conference I attended some time back, the host of a
> discussion session asked who always checks the SSH fingerprint on every
> connection. No hands went up.
>
> As it turns out, it would probably suffice to fabricate just the first 8
> or so characters and the last 8 characters of the fingerprint, which is
> much more easily brute-forced than the entire hash. Only a few OCD
> admins with time to burn will meticulously validate every character of
> every fingerprint.

What you lose by turning host key caching off entirely, though, is any
warning when keys suddenly change for no reason.

I agree most sysadmins don't check the whole fingerprint of every new
server they visit. But they still get all the benefits of being warned if
a fingerprint later changes. Including if they get MITM'd initially and
later the MITM attack ends, and the real key comes through and causes a
warning.

That level of laxness will not stop a MITM attack initially, but at least
it'll tip you off to it afterwards so you can investigate.

Jon

-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/

--------------------
BYU Unix Users Group
http://uug.byu.edu/
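
The trade-off discussed in this message, as an added example that is not part of the original thread: a small trust-on-first-use check over a known_hosts-style file, run once against a real cache file and once against /dev/null as the quoted alias does. The function names, host name and key blobs are constructed for illustration, and only plain (unhashed) "host[,host...] keytype key" entries are handled.

```shell
# Constructed placeholder key blobs (not real host keys).
KEY_A="AAAAexampleKeyA"
KEY_B="AAAAexampleKeyB"

# check_host_key FILE HOST KEYTYPE KEY  ->  prints new | match | changed
check_host_key() {
    awk -v h="$2" -v t="$3" -v k="$4" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            n = split($1, names, ",")        # first field may list several names
            for (i = 1; i <= n; i++)
                if (names[i] == h && $2 == t) {
                    seen = 1
                    if ($3 == k) matched = 1
                }
        }
        END { print (matched ? "match" : (seen ? "changed" : "new")) }
    ' "$1"
}

# tofu_connect FILE HOST KEYTYPE KEY: cache a first-seen key, warn on a change.
tofu_connect() {
    verdict=$(check_host_key "$1" "$2" "$3" "$4")
    case $verdict in
        new)     printf '%s %s %s\n' "$2" "$3" "$4" >> "$1" ;;   # lost if FILE is /dev/null
        changed) printf 'WARNING: host key for %s has changed\n' "$2" >&2 ;;
    esac
    printf '%s\n' "$verdict"
}

# Three connections to one host: first key, same key again, then a different key.
demo() {
    tofu_connect "$1" host.example ssh-ed25519 "$KEY_A"
    tofu_connect "$1" host.example ssh-ed25519 "$KEY_A"
    tofu_connect "$1" host.example ssh-ed25519 "$KEY_B"
}

kh=$(mktemp)
echo "cached:    $(demo "$kh" | tr '\n' ' ')"
echo "/dev/null: $(demo /dev/null | tr '\n' ' ')"
rm -f "$kh"
```

With the cache file the third connection is flagged as changed; with /dev/null every connection looks like a first visit, so the key swap is never reported.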
