SSH Fingerprints #27
Comments
I agree with Simone. A check and warning if the fingerprint (or so far the
On 01.01.2015 06:29, "Simone" notifications@github.com wrote:
Kind of fuzzy on how this could work since this is SSL/TLS stacked on top of SSH. Users authenticate to KeyBox, then KeyBox authenticates to the servers with its SSH key. In the case of SSL/TLS, certificates are the mechanism used to validate authenticity (for which it is a good idea to purchase or generate your own cert). StrictHostChecking couldn't be turned on between users and the host itself. Maybe it could work between KeyBox and the host, but there would have to be a way to resolve if the fingerprint doesn't match.
I just thought about the integrity check between keybox and the configured
That is what I was referring to, as well.
Right, but if the fingerprint doesn't match, how is that resolved? And what happens in the meantime? Are users locked out from accessing the host with the fingerprint mismatch?
If the fingerprint doesn't match, the way to resolve it could be either inputting the new fingerprint, or deleting the current one for the host.
Yeah, I was kind of thinking it should only be something an admin could do, because you wouldn't want just a regular user to verify the host is authentic for all the other users.
I agree with Simone. Only an admin should be able to accept a changed host.
2015-01-07 12:26 GMT+01:00 Sean Kavanagh notifications@github.com:
As far as I see, KeyBox does not save and check SSH fingerprints.
This would be a really nice addition.
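
The check discussed in this thread, sketched as an added example that is not part of the original issue and is not KeyBox code: a pinned-fingerprint store for the KeyBox-to-host connection, where only an admin can input a new fingerprint or delete the current one. The class and method names are hypothetical, the key blobs are constructed, and refusing sessions until an admin resolves a mismatch is an assumption (the thread leaves that question open).

```python
import base64
import hashlib


def fingerprint(host_key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public host key blob."""
    digest = hashlib.sha256(host_key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostFingerprintStore:
    """Hypothetical pinned-fingerprint store; names are illustrative, not KeyBox's."""

    def __init__(self):
        self._pinned = {}  # host -> fingerprint string

    def check(self, host: str, host_key_blob: bytes) -> str:
        """Classify the key a host presented: 'unknown', 'match' or 'mismatch'."""
        pinned = self._pinned.get(host)
        if pinned is None:
            return "unknown"
        return "match" if pinned == fingerprint(host_key_blob) else "mismatch"

    def may_connect(self, host: str, host_key_blob: bytes) -> bool:
        # Assumption: until an admin resolves it, nobody gets a session on a
        # host whose key is unknown or has changed.
        return self.check(host, host_key_blob) == "match"

    def set_fingerprint(self, host: str, new_fp: str, is_admin: bool) -> None:
        """Resolution 1 from the thread: an admin inputs the new fingerprint."""
        self._require_admin(is_admin)
        self._pinned[host] = new_fp

    def delete_fingerprint(self, host: str, is_admin: bool) -> None:
        """Resolution 2 from the thread: an admin deletes the current one."""
        self._require_admin(is_admin)
        self._pinned.pop(host, None)

    @staticmethod
    def _require_admin(is_admin: bool) -> None:
        if not is_admin:
            raise PermissionError("only an admin may change a pinned host fingerprint")


# Constructed sample key blobs (not real host keys).
OLD_KEY = b"constructed-host-key-A"
NEW_KEY = b"constructed-host-key-B"
```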