Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH host key fingerprint - through HTTPS

From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 2 Sep 2014 11:50:24 +0100
If your HTTPS is not being MiTMed as well... (or the edge case - if it
is not John Leo doing the MiTMing of your SSH connection :)

If you trust Mr Leo *and* you know what that HTTPS cert should look
like, it may be of use. Personally, I'd rather do it more out-of-band
than this, but could be handy in a pinch I guess.

cheers,
 Jamie

On 2 September 2014 07:38, Lukasz Biegaj <l.biegaj () netshock pl> wrote:

W dniu 01.09.2014 o 17:16, Chris Nehren pisze:


It's Monday and I haven't had my tea yet, so maybe I'm missing something.
What is it?



It rules out the possibility, that your ssh connection is being MITMed. If
key reported by your ssh client is different than key reported by this
website, then you shouldn't bother server admin with it, as the issue is in
your network.


--
Ɓukasz Biegaj





-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
Previous By Date Next
Previous By Thread Next

Current thread: