Mal*_*rba 1 dns ssh openssh dynamic-dns ubuntu
I'm running Ubuntu on my work PC, and my workplace provides me with a static IP address but not with a domain. It's sometimes useful for me to connect to that PC through ssh, but it's not common enough for me to instantly remember the IP number. So I set up a dyndns account, and associated a short and intuitive domain name to that IP.
Here's my question: when I try to ssh to the domain, it asks me
$ ssh me@something.there.foo
The authenticity of host 'something.there.foo (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 'ALPHANUMERIC STRING'
Are you sure you want to continue connecting (yes/no)?
That surprised me a little bit. I have already registered the RSA fingerprint by connecting directly to the IP address. I thought the domain name was simply a convenient way of pointing me in the right direction (i.e. the IP address), but that message makes me think my data is actually going through their servers or something.
Which one is it? Am I sending my password through someone else's server? Or is ssh just really really careful, thus warning me even if the final destination is a known host?
The ssh server I'm using is the openssh-server package.
ssh is asking again; just because you connected to a host doesn't mean you trust that host to be the real something.there.foo.
You can compare the fingerprints to check they are indeed the same host:
diff -u <(ssh-keygen -F something.there.foo -l) <(ssh-keygen -F xx.xx.xx.xx -l)
There are ways to put the key fingerprint in DNS, but without DNSSEC, security won't increase much.
Once you have connected to the host you can trust ssh to warn you if it changes.
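The comparison the answer describes, as an added example that is not part of the original answer: it reads known_hosts text, matches both plain and hashed (`|1|salt|hash`, used when `HashKnownHosts` is on) entries, and checks whether the name and the IP are recorded with the same key. The addresses in 192.0.2.0/24 and the key blobs are constructed placeholders, and all function names are hypothetical.

```python
import base64, hashlib, hmac

def hashed_field(host, salt=b"constructed-salt"):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcards and [host]:port are not handled

def keys_for(host, known_hosts_text):
    """Return the set of (key type, SHA256 fingerprint) recorded for host."""
    found = set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        field, keytype, blob_b64 = parts[:3]
        if host_matches(field, host):
            digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
            found.add((keytype, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")))
    return found

def same_host_key(name, ip, known_hosts_text):
    """True only if at least one key is recorded under both the name and the IP."""
    return bool(keys_for(name, known_hosts_text) & keys_for(ip, known_hosts_text))

# Constructed sample: placeholder key blobs, documentation-range addresses.
KEY_A = base64.b64encode(b"constructed key blob A").decode()
KEY_B = base64.b64encode(b"constructed key blob B").decode()
SAMPLE = "\n".join([
    "something.there.foo ssh-rsa " + KEY_A,
    hashed_field("192.0.2.10") + " ssh-rsa " + KEY_A,   # same key as the name
    hashed_field("192.0.2.99") + " ssh-rsa " + KEY_B,   # a different host key
])

if __name__ == "__main__":
    print(same_host_key("something.there.foo", "192.0.2.10", SAMPLE))
    print(same_host_key("something.there.foo", "192.0.2.99", SAMPLE))
```

To run it against real data, pass the contents of `~/.ssh/known_hosts` as `known_hosts_text`; a `False` result for a name that should point at a known IP is the case worth investigating before answering "yes".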