i recently began using an SSH client as a part of a local unix users group. reading through the FAQ, i came upon this, and i figured this community would be as good a place as any to take the questions i have about it...
note: taken from PuTTY FAQ
Is there an option to turn off the annoying host key prompts?
No, there isn't...
Those annoying host key prompts are the whole point of SSH. Without them, all the cryptographic technology SSH uses to secure your session is doing nothing more than making an attacker's job slightly harder; instead of sitting between you and the server with a packet sniffer, the attacker must actually subvert a router and start modifying the packets going back and forth. But that's not all that much harder than just sniffing; and without host key checking, it will go completely undetected by client or server.
okay, umm... what is the "cryptographic technology" that SSH uses? i.e., basically, how does it work? and this stuff about the attacker - what does subverting a router involve, and why would an attacker need to modify the packets instead of just sniffing? i suppose that ties into how the cryptographic technology works, huh?
Host key checking is your guarantee that the encryption you put on your data at the client end is the same encryption taken off the data at the server end; it's your guarantee that it hasn't been removed and replaced somewhere on the way.
of course, this probably ties into my other question - what exactly is host key checking?
Host key checking makes the attacker's job astronomically hard, compared to packet sniffing, and even compared to subverting a router. Instead of applying a little intelligence and keeping an eye on Bugtraq,
what is bugtraq? a packet sniffer?
...If you're having a specific problem with host key checking - perhaps you want an automated batch job to make use of PSCP or Plink, and the interactive host key prompt is hanging the batch process -
what are PSCP and Plink, and what would an automated batch job be used to do?
okay... that's all for now. thanks a million in advance!
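An added example, not part of the original post or the PuTTY FAQ: the comparison step behind the host key prompt, where the client checks the key a server offers against the one it cached earlier and treats a mismatch as a possible interception. Assumptions: the cache uses the OpenSSH-style known_hosts text layout (not PuTTY's own storage), the host names and key bytes are constructed placeholders, and the server's signature proving it holds the private key is left out.

```python
import base64
import hashlib
import struct

def make_blob(keytype: str, raw: bytes) -> str:
    """Build a base64 SSH public-key blob: length-prefixed type, then key bytes."""
    def field(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(field(keytype.encode()) + field(raw)).decode()

# Constructed sample keys: placeholder bytes, not real key material.
SERVER_KEY = make_blob("ssh-ed25519", bytes(range(32)))
INTERPOSED_KEY = make_blob("ssh-ed25519", bytes(range(1, 33)))
# Constructed sample cache: one host with an alias, the key type, and the key.
KNOWN_HOSTS = f"# constructed sample cache\nshell.example.org,192.0.2.10 ssh-ed25519 {SERVER_KEY}\n"

def fingerprint(key_b64: str) -> str:
    """SHA-256 fingerprint as shown in prompts: base64 of the digest, unpadded."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text: str) -> dict:
    """Map (host, keytype) to the cached key; comments and @markers are skipped."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        for host in parts[0].split(","):
            known[(host, parts[1])] = parts[2]
    return known

def check_host_key(known: dict, host: str, keytype: str, offered: str) -> str:
    """Return 'match', 'unknown' (first contact, ask the user) or 'changed'."""
    pinned = known.get((host, keytype))
    if pinned is None:
        return "unknown"
    # A different key for a known host is the case the prompt exists to catch.
    return "match" if pinned == offered else "changed"

if __name__ == "__main__":
    known = load_known_hosts(KNOWN_HOSTS)
    for key in (SERVER_KEY, INTERPOSED_KEY):
        print(check_host_key(known, "shell.example.org", "ssh-ed25519", key), fingerprint(key))
```

A batch job that cannot answer a prompt should stop on "unknown" or "changed" rather than accept the key.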
