[RndTbl] ssh host checking
Trevor Cordes
trevor at tecnopolis.ca
Fri Sep 10 03:09:16 CDT 2010
What security will I lose by using ssh with:
-o StrictHostKeyChecking=no -o CheckHostIP=no
?
I have a script that connects automatically to dozens of linux boxen (that
I control) on the internet using dsa/rsa keys. Many of these are on MTS
DSL and so change their IP's frequently (often many times a week). They
all have dynamic dns setup so I can always access them via a DNS domain
name (rather than IP).
If I use the ssh defaults of StrictHostKeyChecking=ask and
CheckHostIP=yes, it mostly works as expected, but sometimes my script will
hang with ssh waiting for tty input with the usual:
The authenticity of host 'foo.com (141.162.215.81)' can't be established.
Are you sure you want to continue connecting (yes/no)?
I don't mind this for new boxes where I haven't confirmed the fingerprint
yet, but for existing boxes where the IP has changed, it sometimes gives
me grief. I can't recall all the particular instances, but the one that
just hit me was one of my MTS boxes cycled onto an IP that was previously
used by a different box! Seems rather unlikely, but with DSL hanging up
all the time, it's bound to happen. I see no way around this occurrence
except to use the above -o options to disable all checks.
So what attacks am I really opening myseful up to with those settings? Is
the worst case that a MitM captures my commands? Or is the worst case
that they gain my password/key and access to the remote system?
What else?
It sure would be nice if I could, on my local box, install a key or
something from each of the remote boxen and say that I never care about
what IP it has at the moment, just check the key and be happy & secure.
For all scenarios assume local + remote boxes have not been compromised.
Thanks!
More information about the Roundtable
mailing list