begin quoting Ralph Shumaker as of Fri, Sep 30, 2005 at 09:50:41AM -0700:
> Stewart Stremler wrote:
> >begin quoting Scott McClelland as of Wed, Sep 28, 2005 at 01:06:08AM
[snip]
> >>You should answer yes at the prompt.
> >
> >And you should use an empty password, too.
>
> Why?

Er.... I was following one piece of unsafe advice with another. Don't mind me, it's my twisted sense of humor that sometimes reveals itself.

The issue is that SSH can do a wonderful job of protecting your connection, but like most encryption-based systems, it is trivially compromised via a man-in-the-middle attack.

SSH protects against this by keeping a list of known hosts and their keys. When you first connect to a server, it'll tell you the key fingerprint of that server and ask if you want to trust that machine.

What you're _supposed_ to do is have obtained the fingerprint via another channel beforehand, and now you compare the two and make sure that they're the same. If they aren't, you should say "no", and contact the appropriate people and start inquiring as to why you're not seeing the same fingerprint.

If they are (the same), you can say "yes", and SSH will remember the key (thus, known_hosts), and should it ever change, it will complain most vociferously.

Of course, 99% of the time, there is no problem -- there isn't a widespread man-in-the-middle attack against SSH out there that I know of -- so we become used to just saying "yes" to the program... and over time, that becomes "yes, yes, shut up already".

I sometimes wonder if perhaps an actively hostile environment would *improve* security. Perhaps a world where cracking a system was so accepted that it's not even a crime, but more of a game, or a public service (crack the system, submit an announcement to the appropriate authorities who would then get to pull those systems off the 'Net until they can fix their security flaws).

-Stewart "It would be a kill-or-cure solution." Stremler
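The fingerprint comparison described in the message above, as an added example that is not part of the original post: it derives the MD5 and SHA256 fingerprints from a known_hosts-style key line and checks them against a fingerprint obtained over another channel. The host name, the helper names and the ed25519 key material are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def make_constructed_key_line(host: str, seed: bytes) -> str:
    """Build a 'host keytype base64' line around constructed (not real) key bytes."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprints(key_line: str) -> dict:
    """Return the SHA256 and MD5 fingerprints of a 'host keytype base64' line."""
    fields = key_line.split()
    blob = base64.b64decode(fields[2], validate=True)
    # The blob carries its own key type; it must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[1].encode():
        raise ValueError("key type field does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def host_key_matches(key_line: str, trusted_fingerprint: str) -> bool:
    """Compare the presented key with a fingerprint obtained out of band."""
    fp = fingerprints(key_line)
    trusted = trusted_fingerprint.strip()
    if trusted.startswith("SHA256:"):
        candidate = fp["sha256"]          # base64 form is case-sensitive
    else:
        candidate = fp["md5"]             # colon-separated hex form
        if trusted.upper().startswith("MD5:"):
            trusted = trusted[4:]
        trusted = trusted.lower()
    return hmac.compare_digest(candidate.encode(), trusted.encode())


if __name__ == "__main__":
    # Constructed sample: the key the admin published vs. the key a connection presents.
    published = make_constructed_key_line("server.example", b"constructed key A")
    presented = make_constructed_key_line("server.example", b"constructed key B")
    trusted = fingerprints(published)["sha256"]
    print("same key:     ", host_key_matches(published, trusted))
    print("different key:", host_key_matches(presented, trusted))
```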
