undefined | Better HN

0 pointsajross1mo ago0 comments

> Nobody verifies host keys,

The known_hosts file is verification of host keys. It's not verification of a host cert, which is a different thing. Most sshd instances are running on ad hoc hardware without the ability to associate them with someone a cert authority would be willing to authenticate.

Basically people running services that need cert-based authentication are already using TLS (or if they're using sshd they've locked it down appropriately). SSH is for your workstation and your RPi and whatnot.

0 comments

SAI_Peregrinus1mo ago

SSH certs aren't TLS certs. Totally different format. All SSH CAs are private, you run your own CA to issue certs to devices you want to allow to connect to your server.

ajrossOP1mo ago

It's... not about the file format.

The point is that a "private" cert is not a "cert" as commonly understood. The important part to a certification authority is the AUTHORITY part, not the data format. Either there is a trusted third party that will promise you are who you say you are, or there is not. With SSH, there is not, nor can there be as it is commonly deployed.

So applications that want that have used other protocols and other schemes, very productively.

SAI_Peregrinus1mo ago

I don't mean to imply it's just the format, merely that they're unrelated. Different file format, different trust model, different threat model. The point is that a device manufacturer or network administrator can trust all devices that have valid certs signed by their internal issuer, and create ways for devices to rotate host keys & request new certs.

PhilipRoman1mo ago

>>Nobody verifies host keys,

>The known_hosts file is verification of host keys

I think the point was that those devices typically generate host keys dynamically and therefore the host key verification is usually turned off, leaving you just with encryption (which is still better than telnet - at least you're safe against passive adversaries). At least that's what I've seen in practice.

ajrossOP1mo ago

Host key verification is a client feature and is on by default. Have you really never gotten the giant warning after a reinstall? That's what that is. SSH is telling you that the server has changed and isn't what you think.

PhilipRoman1mo ago

I'm saying that 90% of these setups look like this (or do the equivalent thing manually):

   ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@192.168...

They have ssh, but no proper key management

2 more replies

j / k navigate · click thread line to collapse

0 pointsajross1mo ago0 comments

> Nobody verifies host keys,

0 comments

SAI_Peregrinus1mo ago

SSH certs aren't TLS certs. Totally different format. All SSH CAs are private, you run your own CA to issue certs to devices you want to allow to connect to your server.

ajrossOP1mo ago

It's... not about the file format.

So applications that want that have used other protocols and other schemes, very productively.

SAI_Peregrinus1mo ago

PhilipRoman1mo ago

>>Nobody verifies host keys,

>The known_hosts file is verification of host keys

ajrossOP1mo ago

PhilipRoman1mo ago

I'm saying that 90% of these setups look like this (or do the equivalent thing manually):

   ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@192.168...

They have ssh, but no proper key management

2 more replies

j / k navigate · click thread line to collapse