[rescue] SSH through firewall
Big Endian
rescue at sunhelp.org
Wed Dec 12 11:26:41 CST 2001
> >~ Is there a better way? Any ssh clients that allow multiple
>>~ host keys for a host?
>>~
>>
>>I'm no expert, but wouldn't that weaken SSH? The host key is God.
>
>Would it? Instead of always assuming that host secure.net has key #1,
>you'd still check to be sure that:
> host secure.net on port 22 has key #1
> host secure.net on port 1022 has key #2
> host secure.net on port 2022 has key #3
> host secure.net on port 3022 has key #4
>
>Multiple keys per hosts, but each key is associated with that host _and_
>port number. Or does these scheme leave a big hole for a man in the middle
>attack?
Its time for kerberos.
daniel
--
-----------------------------------------------------------------
"Fragile. Do not drop." -- Posted on a Boeing 757.
More information about the rescue
mailing list