Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
elisey4742016-08-28 20:19:35
SSH
elisey474, 2016-08-28 20:19:35

Is ssh secure?

There is an ssh server at 123.456.789.987:22 to which the client has already connected using the ssh command 123.456.789.987
1) Is ssh safe now?
2) If there is a mitm attack, will ssh write about it 100% with a mismatch of fingerprints?
3) A friend says that the fingerprint check only protects against the simplest mitm attacks, is that true?
Please respond to each item.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
X
xmoonlight, 2016-08-28
@elisey474

If authorization was by key, revoke/regenerate the key of this client on the SSH server (or re-create the account to get a new key, etc.). If access is by login and password, the server generates a private key at the first login to the account and transfers it to the client via a secure connection. The client - saves it and uses it on subsequent logins (or asks again, if necessary, to generate a new one).
Without a private key - MITM is only possible as a packet proxy of encrypted traffic, but not as sniffing (to see what kind of information is inside the packets).
If you manage to find out (pick up) the private key, then you can restore all the saved data from such packages. (but it's not easy at all)
In general, SSH is secure. But, if it is possible to use additional security - it's better to do it!
For example, strong protocols for encrypted data exchange and / or access to the port after "tapping" (port knocking): https://habrahabr.ru/post/179219/
UPD: Translation of RFC (in Russian) via SSH: rfc2.ru/4251 .rfc

Report
N
nirvimel, 2016-08-28
@nirvimel

A better question would be: How secure is OpenSSH compared to closed-source alternatives?
Answer: For private use (not counting corporations with multi-million dollar security budgets) OpenSSH is by far the most secure tool in its field.
Rumors that some tool, which is the standard in its field, are supposedly not safe, can be spread by those who are very uncomfortable with the situation with the massive use of technology against which they have no simple means of countering (you understand who we are talking about). The purpose of spreading such rumors is that the mass user, who is poorly versed in the issue, refuses to use a standard tool and starts looking for little-known solutions (security through obscurity - somewhere on an intuitive level is embedded in the human brain and is one of the cognitive distortions that suddenly surfaced in the information age). Manufacturers of little-known solutions (typically closed-source) or have been cooperating with those who are interested for a long time so that these solutions protect against everyone but Them.

Report
A
Alexey, 2016-08-28
@alsopub

security.stackexchange.com/questions/61580/can-an-... here they write that mitm is impossible if the fingerprint matches.

Report
S
Sergey, 2016-08-28
@edinorog

no it's not safe. Recently, there are a lot of bookmarks related to generation and cryptography. you put the question wrong. Is this kind of connection secure enough for my service layer? here is the question you should be interested in

Similar questions
E
Eltorniado2022-01-16 23:36:53
How to connect to VPS from Google Cloud via SSH? What exactly should I enter as username and password? 0Reply
D
dm2018-11-20 15:23:09
How to export a database via SSH (mysqldump)? 1Reply
A
Alexey Yarkov2016-06-24 22:13:41
How to connect to Mongo on VDS via ssh tunnel? 1Reply
R
Rozello2016-07-02 14:51:04
How to send requests from LWP through socket tunnel returned by Net::OpenSSH? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question