Comments: Principle of Redundancy

You can generate a list of known_host fingerprints by
running:

ssh-keygen -l -f $HOME/.ssh/known_hosts

You can also generate the fingerprint of the host public
keys by running:

ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

(tested with OpenSSH 4.2p1).

After the initial "leap of faith" and installation of
authorized_keys, I use restrictive ssh client settings:

Host *
PasswordAuthentication no
StrictHostKeyChecking yes

(Does not invalidate your usability arguments though)

Posted by Emmanuel at February 22, 2008 09:35 PM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x5612bb7c9c20) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.