On the other hand, SSH gives you just that if you verify the fingerprint which i... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

wodny on Feb 16, 2019 | parent | context | favorite | on: How to Secure a Linux Server

On the other hand, SSH gives you just that if you verify the fingerprint which is not mentioned in the guide. MITM-proof channel is needed if one gains any kind of shell access because then public key substitution can happen in various ways, even without the user him/herself explicitly editing the file. Furthermore, if one allows MITM when accessing shell, substituting the public key is just one of very serious security problems.

rkeene2 on Feb 16, 2019 [–]

Certainly many other operations require a tamper-proof channel, and many more things can go wrong without one but I believe the author was trying to indicate the specific requirement here rather than making a specifically incorrect statement.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact