undefined | Better HN

0 pointsPhilipRoman1mo ago0 comments

I'm saying that 90% of these setups look like this (or do the equivalent thing manually):

   ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@192.168...

They have ssh, but no proper key management

0 comments

ajross1mo ago

Well, sure. You can turn off host key checking in ssh! But that isn't responsive to a point that (1) host key validation exists in ssh and (2) host key validation is on by default in ssh.

Izkata1mo ago

Their original comment was referring to people ignoring the warning banner and connecting anyway when the host changes. Not that it doesn't exist.

0xbadcafebee1mo ago

Exactly. But 'passive encryption' isn't helpful; if you can see the traffic, you can MITM it. Just RST the connection, wait for the reconnect, intercept.

j / k navigate · click thread line to collapse