Y
Hacker News
new
|
ask
|
show
|
jobs
by
schmichael
3611 days ago
Unless you've gotten anoncvs.ca.openbsd.org's host key fingerprint through some secure mechanism (say... HTTPS), SSH only encrypts the transport. It does nothing to stop a MITM (eg a malware injecting proxy).
1 comments
OrpheanBeholder
3611 days ago
Get the host fingerprints over TLS then?
https://www.openbsd.org/anoncvs.html
link
jlgaddis
3611 days ago
In which case ISTM that they could have just enabled HTTPS on www.openssh.com and saved us a few steps.
link
https://www.openbsd.org/anoncvs.html