Methods For Protection; Nortel Vpn Gateway; User Guide - Nortel NN46120-104 User Manual

SSH host keys

Methods for Protection

In many environments, it may be reasonable for an SSH client user to
simply accept the key from a previously unknown remote server host when
prompted by the client, but to achieve strict protection against a "man in
the middle" attack against this very first connection, one of these methods
can be used:

• Verifying the "fingerprint" (as displayed by the client) of the new remote
  host key by some out-of-band means (e.g. verbal communication with
  the server administrator).

OR

• Pre-installing the remote host key (previously transferred by some
  out-of-band means) in the client's key storage, i.e. effectively making
  the remote host known even before the first connection.

The server administrator also needs to be able to generate new keys
(e.g. at initial configuration, or in case the old ones are believed to be
compromised), and the client user needs to be able to remove remote host
keys that are no longer valid from the client's key storage (e.g. due to the
server administrator having generated new keys).

Copyright © 2007-2008 Nortel Networks.
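Both methods above can be checked in a few lines. The following is an added example, not taken from the Nortel guide: it assumes the host key is available as an OpenSSH-format public key line, and the sample keys and the host name vpn.example.net are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def constructed_key_line(fill):
    """Constructed sample (not a real host key): ed25519-shaped public key line."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

def parse_pubkey_line(line):
    """Split 'keytype base64 [comment]'; reject blobs whose embedded type differs."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected 'keytype base64-blob [comment]'")
    keytype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type in blob does not match declared type")
    return keytype, blob

def fingerprints(blob):
    """Return (SHA256 base64, MD5 colon-hex) fingerprints of the raw key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def matches_out_of_band(line, expected):
    """True only if the offered key hashes to the fingerprint the admin supplied."""
    exp = expected.strip()
    if ":" in exp and not exp.startswith(("SHA256:", "MD5:")):
        exp = "MD5:" + exp.lower()  # bare colon-hex form shown by older clients
    _, blob = parse_pubkey_line(line)
    return any(hmac.compare_digest(fp.encode(), exp.encode()) for fp in fingerprints(blob))

def known_hosts_entry(host, line):
    """Pre-install form: one known_hosts line binding host to the vetted key."""
    keytype, blob = parse_pubkey_line(line)
    return f"{host} {keytype} {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    vetted = constructed_key_line(0x11)      # key the administrator generated
    offered = constructed_key_line(0x22)     # different key seen on first connect
    admin_fp = fingerprints(parse_pubkey_line(vetted)[1])[0]  # read out by the admin
    print("admin fingerprint:", admin_fp)
    print("vetted key accepted: ", matches_out_of_band(vetted, admin_fp))
    print("offered key accepted:", matches_out_of_band(offered, admin_fp))
    print("known_hosts line:", known_hosts_entry("vpn.example.net", vetted))
```

When the administrator regenerates keys, the stale known_hosts line for that host has to be removed before the new one is installed, otherwise the client will report a mismatch.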

Nortel VPN Gateway

NN46120-104 02.01 Standard
14 April 2008

User Guide
