Re: [FD] SSH host key fingerprint - through HTTPS

From: John Leo <johnleo@checkssh.com>
To: maxigas <maxigas@anargeek.net>
Cc: fulldisclosure@seclists.org,bugtraq@securityfocus.com
Subject: Re: [FD] SSH host key fingerprint - through HTTPS
Date:


"source code"
It's here:
https://checkssh.com/result/indexdotphp.txt
Extremely short and easy to read.

"trust the service operators"
Hey, trust your own eyes. :-) Feel free to audit/use our code.

"a better solution is to use Monkeysphere"
Professional "certificate authority" vs "OpenPGP web of trust"
Personally I feel more comfortable with CA.

Best Wishes,

On 2014-9-2 02:48, maxigas wrote:
> From: John Leo <johnleo@checkssh.com>
> Subject: [FD] SSH host key fingerprint - through HTTPS
> Date: Mon, 01 Sep 2014 12:41:17 +0800
>
>> This tool displays SSH host key fingerprint - through HTTPS.
>>
>> SSH is about security; host key matters a lot here; and you can know
>> for sure by using this tool. It means you know precisely how to answer
>> this question:
>> The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be
>> established.
>> RSA key fingerprint is
>> a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
>> Are you sure you want to continue connecting (yes/no)?
>>
>> https://checkssh.com/
>>
>> We hackers don't want to get hacked. :-) SSH rocks - when host key is
>> right. Enjoy!
>
> Excellent point and thanks for the tool! Indeed, fingerprint
> verification is the absolute weak point of SSH. Here the problem
> is that you have to trust the service operators when you use
> checkssh or set up your own. Is the source code available
> somewhere?
>
> Also, a better solution is to use Monkeysphere which uses the
> public key infrastructure of PGP. It can not just check your SSH
> fingerprints automatically but do a whole lot of other things:
>
> http://web.monkeysphere.info/
>
> --
> maxigas, kiberpunk
> FA00 8129 13E9 2617 C614 0901 7879 63BC 287E D166
> http://research.metatron.ai/
>
> People the switches!
>
>
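
The check this thread is about, as an added example that is not part of the original messages or of checkssh.com's code: compute the fingerprint of a host key as captured (for instance a `known_hosts` or `ssh-keyscan` line) and compare it with a reference obtained over a trusted channel. The sample key is constructed and the function names are hypothetical; the colon-separated MD5 form is the one in the prompt quoted above, and the SHA256 form is what newer OpenSSH releases print.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_pubkey_line(line):
    """Return (key_type, blob) from '[host] key-type base64 [comment]'."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob begins with a length-prefixed copy of the key type.
            if len(blob) < 4:
                raise ValueError("key blob too short")
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprint_md5(blob):
    """Colon-separated hex, the form shown in the prompt quoted above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob):
    """Unpadded base64 with a SHA256: prefix."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def matches_reference(line, reference):
    """Compare the key in `line` with a fingerprint obtained out of band."""
    _, blob = parse_pubkey_line(line)
    ref = reference.strip()
    if ref.startswith("SHA256:"):
        candidate = fingerprint_sha256(blob)
    else:
        ref = ref[4:] if ref.upper().startswith("MD5:") else ref
        ref, candidate = ref.lower(), fingerprint_md5(blob)
    return hmac.compare_digest(candidate.encode(), ref.encode())

def constructed_keyscan_line(host="host.example", seed=b"constructed sample key"):
    """Constructed input: 32 hash bytes stand in for an Ed25519 public key."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    line = constructed_keyscan_line()
    _, blob = parse_pubkey_line(line)
    print(fingerprint_md5(blob), fingerprint_sha256(blob))
```

The comparison only helps if the reference fingerprint comes from a channel the attacker on the SSH path does not control, which is the trust question raised in the thread.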