Questions tagged [ssh-host-key]

The SSH host key is an identifier of an SSH / SFTP server.

The SSH host key is a fingerprint to prove the identity of the SSH / SFTP server you are connecting to.

53 questions
1 vote, 1 answer

Security against local attack for remote FDE decryption?

Is there any remote FDE decryption that is resistant to an attacker that has local physical access? Tools like dracut-sshd need to store the private key used for the sshd server on the unencrypted boot partition, so a local attacker has the ability…
1 vote, 0 answers

Can I trust the output of `ssh-keyscan localhost`?

I am aware that running ssh-keyscan on a remote host doesn't prove that the remote host is indeed the one you are trying to connect to, only that it's the same one each time, but what about if I run ssh-keyscan localhost on that host beforehand, and…
1 vote, 1 answer

What are the security risks if my server with github ssh access key is hacked?

I connect to my github repo using ssh keys which I have whitelisted in GitHub. I do pull/push to this repo from my linux server which is hosted in AWS. If a hacker gains access to this AWS server, what all damage can he do to my code in github? Can…
simplfuzz
1 vote, 1 answer

Experiencing ssh host key mismatch with x2goclient

x2goclient (on Windows) shows a different ssh host key hash than the output of ssh-keygen -lf /etc/ssh/ssh_host_key_$cypher_ley.pub -E md5 on the host. Connecting with other ssh clients from the same machine works fine (x2goclient comes with own ssh…
1 vote, 1 answer

Force "Remote Host Identification Has Changed" warning

I have a client-server pair and am trying to reproduce the warning: REMOTE HOST IDENTIFICATION HAS CHANGED! I am aware that one way to achieve this is to change the ecdsa key on the ssh server and force the server to use its ecdsa key to identify…
1 vote, 1 answer

SSH host key: Is the public one necessary and should the key be password protected

I was playing around with my SSH server side config sshd_config. I replaced my default SSH host keys with only one RSA key while I'm using Protocol 2 and key auth only. ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa This creates as expected…
codekandis
1 vote, 1 answer

What are the risk of NOT using a host key for SFTP using pysftp?

I've put together an ETL process with Python where I move some files from an SFTP server to a local server. I'm following the directions from here: http://pysftp.readthedocs.io/en/release_0.2.9/cookbook.html I was having a hard time getting the key…
Bob Wakefield
1 vote, 1 answer

How to force openssh client to require both SSH certificate and SSHFP record?

Securely authenticate SSH hosts I have successfully used both OpenSSH Certificates and SSHFP to authenticate hosts when connecting to servers using SSH. But I fail to find a way to require the combination of these. Is there a way to tell the OpenSSH…
Peter
1 vote, 0 answers

Do I have an ssh intruder in my VPS?

I have faced a problem with my VPS. It seems that someone has added his public key to my authorized_keys file and logged in to my VPS. Postponed publickey for xxx from 223.255.145.158 port 52240 ssh2 [preauth] debug1: userauth-request for user root…
H. SLF
0 votes, 1 answer

What are the security implications of using GPG instead of SSH keys for authentication

I want to use a GPG key instead of an SSH key. Looking online I found several guides on how to do it. But these guides are about using GPG for convenience. I instead want to know the pros and cons from the security perspective. Firstly looking at…
0 votes, 2 answers

ssh authentication: is it possible to have password OR keys?

I'm wanting to use hashbackup to backup one server (A) to another server (B). Hashbackup can send the backup to server B, if server A has server B's key (public?) for passwordless ssh. I haven't used keys prior. I prefer ssh'ing with password and…
0 votes, 2 answers

Is it possible somebody could have edited my known_hosts file to connect to malicious servers?

Sorry if this question is stupid or doesn't make sense. What led me to ask this is that I noticed my known_hosts file has many (15) lines and I'm not sure why; I didn't think I had connected to this many servers? (I think this is what the…
0 votes, 0 answers

Is MITM attack possible when we verify only the jump host's fingerprint (host key)?

I am connecting to remote hosts via jump host where I verify only the jump host's host key, but turn off host key verification for the target hosts. The ssh command arguments look like this: -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o…
kakarukeys
0 votes, 1 answer

How hacker/ others get your SSH private key / stole your SSH private key?

I know we must keep private keys secure, but as long as we don't share the private key, what can go wrong? How hackers/others can steal/get your private key? What is the possible way that can happen for : Non-educated people (Beginner) People that…
0 votes, 1 answer

Host Keys in Public/Private Key Auth

I've chased my tail into a late night circle thinking about public key authentication to cloud instances. As such, I have some questions on the function of host keys when authenticating an SSH session. If I'm on machine B, and use ssh-keygen to…
Chris