Back to list
Strength and Weakness of Methods to Confirm SSH Host Key
Sep 22 2014 07:51AM
John Leo (johnleo checkssh com)
(advice from maxigas)
"verify your SSH key through the OpenPGP web of trust"
Strength: OpenPGP is cool if you REALLY know how to use it.
Weakness: "vote counting scheme" does not sound too cool.
"use of an organization's own HTTPS site"
(advice from Stephanie Daugherty)
In my personal opinion, this is the best solution.
Weakness: basically nothing - it's very secure.
"use DNSSEC to validate SSH fingerprints"
(advice from Micha Borrmann / Jeroen van der Ham / john)
This is a good solution.
Weakness: HTTPS is more mature than DNSSEC(in my personal opinion).
"ssh-keyscan -p 22 domain.com ..."
(advice from Busindre)
It's the same as running "ssh" directly.
(we made it)
Strength: this definitely stops ALL local bad boys.
While it's open source(and source code is less than 100 lines)...
We simply won't give you root password of the server(you don't own the server).
If adversary is EXTREMELY powerful:
It's better to set up your own Check SSH.
[ reply ]
Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key
Sep 24 2014 05:36PM
Gunnar Wolf (gwolf gwolf org)
Copyright 2010, SecurityFocus