Jump to content


Photo
- - - - -

List of ECDSA key fingerprints for SSH tunnel connections

security ssh

  • Please log in to reply
2 replies to this topic

#1 bumbleb33

bumbleb33

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 10 October 2016 - 06:21 PM

Hi,

 

Like it says in the documentation, and as is usual, upon the first connection to a ssh server to open a ssh tunnel, the authenticity via the ECDSA key fingerprint is stated. The documentation says to just accept it. But this is dangerous as it allows any intermediate to open a MITM attack.

 

So please compile a list of all servers (with their IPs) and their fingerprints so we can match them on the first connection.

 

Thanks!



#2 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2205 posts

Posted 11 October 2016 - 12:32 AM

The documentation says to just accept it. But this is dangerous as it allows any intermediate to open a MITM attack.

 

Not really.

Both SSL/SSH tunnels are there for the traffic pattern and not for any additional security.

An attacker with an SSL/SSH MITM will not be able to decrypt your OpenVPN encryption.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 bumbleb33

bumbleb33

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 12 October 2016 - 11:26 AM

The documentation says to just accept it. But this is dangerous as it allows any intermediate to open a MITM attack.

 

Not really.

Both SSL/SSH tunnels are there for the traffic pattern and not for any additional security.

An attacker with an SSL/SSH MITM will not be able to decrypt your OpenVPN encryption.

Yes you're right, I figured that too after posting my request.

Before I posted, I thought that AirVPN also supports ssh tunneling or opening a SOCKS server via ssh -D instead of just being an intermediate via port forwarding for the openvpn client.

 

ssh SOCKS server support would be a cool feature, any chance airvpn might add that?







Similar Topics Collapse


Also tagged with one or more of these keywords: security, ssh

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 14115 - BW: 44620 Mbit/sYour IP: 54.81.254.212Guest Access.