[TriLUG] Semi-OT: Detecting HTTPS inspection? Does that compromise SSH?
Igor Partola
igor at igorpartola.com
Mon Jun 2 17:19:34 EDT 2014
For SSH there are actually two pretty cool solutions to this problem that
I've found:
1. Using a Certificate Authority to sign SSH keys (not quite the same as
HTTPS CA's but similar idea):
https://www.digitalocean.com/community/articles/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu.
This is a pretty secure method, assuming you can easily distribute the CA's
cert to all the clients. Also, I have not seen an iOS SSH app that supports
it.
2. The Monkeysphere project: http://web.monkeysphere.info/. This lets you
sign your server ssh keys with your GPG key. Assuming you can easily share
your ssh key with others, this will display your name and email instead of
just the random ssh key fingerprint when connecting to a new server.
Igor
More information about the TriLUG
mailing list