Answer the question
In order to leave comments, you need to log in
Is ssh secure?
There is an ssh server at 123.456.789.987:22 to which the client has already connected using the ssh command 123.456.789.987
1) Is ssh safe now?
2) If there is a mitm attack, will ssh write about it 100% with a mismatch of fingerprints?
3) A friend says that the fingerprint check only protects against the simplest mitm attacks, is that true?
Please respond to each item.
Answer the question
In order to leave comments, you need to log in
If authorization was by key, revoke/regenerate the key of this client on the SSH server (or re-create the account to get a new key, etc.). If access is by login and password, the server generates a private key at the first login to the account and transfers it to the client via a secure connection. The client - saves it and uses it on subsequent logins (or asks again, if necessary, to generate a new one).
Without a private key - MITM is only possible as a packet proxy of encrypted traffic, but not as sniffing (to see what kind of information is inside the packets).
If you manage to find out (pick up) the private key, then you can restore all the saved data from such packages. (but it's not easy at all)
In general, SSH is secure. But, if it is possible to use additional security - it's better to do it!
For example, strong protocols for encrypted data exchange and / or access to the port after "tapping" (port knocking): https://habrahabr.ru/post/179219/
UPD: Translation of RFC (in Russian) via SSH: rfc2.ru/4251 .rfc
A better question would be: How secure is OpenSSH compared to closed-source alternatives?
Answer: For private use (not counting corporations with multi-million dollar security budgets) OpenSSH is by far the most secure tool in its field.
Rumors that some tool, which is the standard in its field, are supposedly not safe, can be spread by those who are very uncomfortable with the situation with the massive use of technology against which they have no simple means of countering (you understand who we are talking about). The purpose of spreading such rumors is that the mass user, who is poorly versed in the issue, refuses to use a standard tool and starts looking for little-known solutions (security through obscurity - somewhere on an intuitive level is embedded in the human brain and is one of the cognitive distortions that suddenly surfaced in the information age). Manufacturers of little-known solutions (typically closed-source) or have been cooperating with those who are interested for a long time so that these solutions protect against everyone but Them.
security.stackexchange.com/questions/61580/can-an-... here they write that mitm is impossible if the fingerprint matches.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question