Bugtraq mailing list archives
Re: SSH host key fingerprint - through HTTPS
From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 2 Sep 2014 11:50:24 +0100
If your HTTPS is not being MiTMed as well... (or the edge case - if it is not John Leo doing the MiTMing of your SSH connection :) If you trust Mr Leo *and* you know what that HTTPS cert should look like, it may be of use. Personally, I'd rather do it more out-of-band than this, but could be handy in a pinch I guess. cheers, Jamie On 2 September 2014 07:38, Lukasz Biegaj <l.biegaj () netshock pl> wrote:
W dniu 01.09.2014 o 17:16, Chris Nehren pisze:It's Monday and I haven't had my tea yet, so maybe I'm missing something. What is it?It rules out the possibility, that your ssh connection is being MITMed. If key reported by your ssh client is different than key reported by this website, then you shouldn't bother server admin with it, as the issue is in your network. -- Ćukasz Biegaj
-- Jamie Riden / jamie () honeynet org / jamie.riden () gmail com http://uk.linkedin.com/in/jamieriden
Current thread:
- SSH host key fingerprint - through HTTPS John Leo (Sep 01)
- Re: SSH host key fingerprint - through HTTPS Micha Borrmann (Sep 01)
- Re: SSH host key fingerprint - through HTTPS John Leo (Sep 02)
- Re: SSH host key fingerprint - through HTTPS Chris Nehren (Sep 01)
- Re: SSH host key fingerprint - through HTTPS Lukasz Biegaj (Sep 02)
- Re: SSH host key fingerprint - through HTTPS Jamie Riden (Sep 02)
- Re: SSH host key fingerprint - through HTTPS Lukasz Biegaj (Sep 02)
- Re: [FD] SSH host key fingerprint - through HTTPS maxigas (Sep 02)
- Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)
- Message not available
- Re: [FD] SSH host key fingerprint - through HTTPS Jeroen van der Ham (Sep 02)
- Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)
- Re: [FD] SSH host key fingerprint - through HTTPS Jeroen van der Ham (Sep 02)
- Re: SSH host key fingerprint - through HTTPS Micha Borrmann (Sep 01)
- Message not available
- Re: [FD] SSH host key fingerprint - through HTTPS john (Sep 02)
- Message not available
- Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)