
I am connecting to remote hosts via jump host where I verify only the jump host's host key, but turn off host key verification for the target hosts.

The ssh command arguments look like this:

-o StrictHostKeyChecking=no -o ProxyCommand="ssh -o StrictHostKeyChecking=yes -W %h:%p -q {{ user }}@{{ jh_ip }}"

Assuming the jump host is secure, is a MITM attack possible under this scenario?

kakarukeys
  • Where is the "middle" that you are concerned with? Between you and the jump host or between the jump host and the ssh server? – schroeder Jul 30 '21 at 11:13
  • @schroeder I guess it's "between me and the jump host", that's public internet. Between jump host and the ssh server is VPC network. – kakarukeys Jul 30 '21 at 12:57
  • Once you make that clarification, is the answer now obvious, or do you still have some concerns? – schroeder Jul 30 '21 at 13:01
  • I'm sorry, I don't see the obvious; maybe you can clarify. – kakarukeys Jul 30 '21 at 13:02
  • What the jump host does after you connect has no effect on the security from you to the jump box. So, the fact that the ssh server's fingerprint is not checked by the jump box is irrelevant to the threat you are concerned about. – schroeder Jul 30 '21 at 13:51
  • No, the jump host does not do the checking. Both the ssh server's and the jump host's fingerprints are checked by my SSH command. Without the first StrictHostKeyChecking argument in the command, I get an error message from the command if the keys are missing from my `known_hosts` file, or if the keys are changed. – kakarukeys Jul 30 '21 at 14:09
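The point the comments circle around is which process actually negotiates each SSH session. With `-o ProxyCommand="ssh -W %h:%p jump"`, the inner `ssh` is a second session opened by the same local client to the jump host; it only forwards a raw TCP stream to `%h:%p`, and the outer `ssh` then runs its own key exchange end to end with the target through that stream. Each hop is governed by the `StrictHostKeyChecking` value of the `ssh` invocation that opens it. The script below is an added example, not code from the question or its comments: it parses a nested ssh command line and reports, per hop, the host-key setting in force and whether a key that differs from `known_hosts` would be refused. The user names and addresses in `SAMPLE_CMDLINE` are assumed values standing in for the question's `{{ user }}` / `{{ jh_ip }}` placeholders and its unnamed target host.

```python
"""Report which hosts a nested `ssh -o ProxyCommand="ssh -W ..."` command line
verifies host keys for.  Added example, not code from the question."""
import shlex

# OpenSSH semantics: "ask" (the default) prompts on an unknown key and refuses a
# changed one; "yes" refuses both; "accept-new" adds unknown keys silently but
# still refuses changed ones; "no"/"off" only warns and carries on.
_REJECTS_CHANGED_KEY = {"yes", "ask", "accept-new"}

# ssh options that consume the following argument; any other token starting
# with '-' is treated as a bare flag (e.g. -q).
_OPTS_WITH_VALUE = {"-o", "-W", "-p", "-i", "-l", "-J", "-F"}

# Constructed sample: the question's argument string with assumed values
# (jumpuser@192.0.2.10 for {{ user }}@{{ jh_ip }}, deploy@10.0.1.5 as target).
SAMPLE_CMDLINE = (
    "ssh -o StrictHostKeyChecking=no "
    '-o ProxyCommand="ssh -o StrictHostKeyChecking=yes -W %h:%p -q jumpuser@192.0.2.10" '
    "deploy@10.0.1.5"
)


def parse_ssh_argv(argv):
    """Split an ssh argv (without the leading 'ssh') into (options, destination).

    `-o Key=value` and `-oKey=value` land under "Key"; other valued options
    under their flag; bare flags map to True.  destination is None if no
    positional argument is present.
    """
    opts, dest, i = {}, None, 0
    while i < len(argv):
        arg = argv[i]
        if arg in _OPTS_WITH_VALUE:
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} requires a value")
            value = argv[i + 1]
            if arg == "-o":
                key, _, val = value.partition("=")
                opts[key.strip()] = val.strip()
            else:
                opts[arg] = value
            i += 2
        elif arg.startswith("-o") and len(arg) > 2:  # glued -oKey=value form
            key, _, val = arg[2:].partition("=")
            opts[key.strip()] = val.strip()
            i += 1
        elif arg.startswith("-"):
            opts[arg] = True
            i += 1
        else:
            dest = arg
            i += 1
    return opts, dest


def describe_hops(cmdline):
    """Return one dict per SSH session the local client negotiates, outermost
    first.  A ProxyCommand of the form `ssh -W host:port jump` is recursed into:
    it is a session to the jump host that merely forwards a TCP stream, so the
    outer session's key exchange runs end to end with the final destination and
    the outer StrictHostKeyChecking value is the one that protects that hop."""
    argv = shlex.split(cmdline)
    if not argv or argv[0] != "ssh":
        raise ValueError("expected an ssh command line")
    opts, dest = parse_ssh_argv(argv[1:])
    setting = opts.get("StrictHostKeyChecking", "ask")
    hops = [{
        "destination": dest,
        "strict_host_key_checking": setting,
        "rejects_changed_key": setting.lower() in _REJECTS_CHANGED_KEY,
        "forwards_to": opts.get("-W"),  # set only on the tunnelling hop
    }]
    proxy = opts.get("ProxyCommand")
    if proxy and proxy.lower() != "none":
        # Expand the tokens ssh itself substitutes before running the proxy.
        user, _, host = (dest or "").rpartition("@")
        port = opts.get("-p", "22")
        expanded = proxy.replace("%h", host).replace("%p", port).replace("%r", user)
        hops.extend(describe_hops(expanded))
    return hops


def unverified_hops(cmdline):
    """Destinations whose host key would NOT be enforced against known_hosts."""
    return [h["destination"] for h in describe_hops(cmdline)
            if not h["rejects_changed_key"]]


if __name__ == "__main__":
    for hop in describe_hops(SAMPLE_CMDLINE):
        print(f"{hop['destination']:<22} StrictHostKeyChecking="
              f"{hop['strict_host_key_checking']:<10} "
              f"rejects changed key: {hop['rejects_changed_key']}"
              + (f"  (forwards TCP to {hop['forwards_to']})" if hop['forwards_to'] else ""))
    print("unverified:", unverified_hops(SAMPLE_CMDLINE))
```

Run against the sample, the report lists two hops: `jumpuser@192.0.2.10` with `StrictHostKeyChecking=yes` forwarding TCP to `10.0.1.5:22`, and `deploy@10.0.1.5` with `StrictHostKeyChecking=no`, which is the only hop whose key would not be enforced. Changing the outer option to `yes` (or dropping it, so the `ask` default applies) empties the unverified list.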

0 Answers