Hey all,
I'd like to heighten my SSH security a bit, as I'm connecting from outside locations.
I'd like to set up ssh_config such that any simple command like "ssh blah@blabla.com" will always show both the remote server's fingerprint, and the local entry in known_hosts.
I realize known_hosts will already alert me if I happen to have a different entry stored, which is great... but .... I have a lot of servers I connect to, from multiple laptops and installs, and I'm not always the best at remembering to connect to each server initially from home (so my workstation has the correct fingerprint). Sometimes I'm out in the wild and get that warning prompt ("Bro you've never connected to this server before!") and a bead of sweat drips down my temple as I inevitably type y-e-s and hope I'm not the victim of a man in the middle attack.
I think I can just set each SSH server's MOTD to display its own key... or something, such that I will always be seeing the server's real key after login... but ... how do I configure ssh_config to always show me both the last known fingerprint and the current fingerprint?
I'm trying to dummy-proof my security ... against myself.
Any ideas?
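The side-by-side comparison asked about above, as an added example that is not part of the original post: it computes the SHA256 fingerprint stored in known_hosts (plain or hashed host entries) and the fingerprint of an offered key, and reports MATCH, MISMATCH or UNKNOWN. The host `hashed.example`, the address `192.0.2.10` and both keys are constructed sample data; the offered line is assumed to use the `host keytype base64` layout that ssh-keyscan prints, and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hmac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def stored_fingerprints(known_hosts_text, host):
    """Return {keytype: fingerprint} for every entry recorded for host."""
    found = {}
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blank lines, comments and @cert-authority / @revoked marker lines.
        if len(parts) >= 3 and parts[0][0] not in "#@" and host_matches(parts[0], host):
            found[parts[1]] = fingerprint(parts[2])
    return found

def compare(known_hosts_text, host, offered_line):
    """Compare the stored fingerprint with the one in an offered key line."""
    _, keytype, key_b64 = offered_line.split()[:3]
    stored = stored_fingerprints(known_hosts_text, host).get(keytype)
    offered = fingerprint(key_b64)
    status = "UNKNOWN" if stored is None else "MATCH" if stored == offered else "MISMATCH"
    return status, stored, offered

def _fake_key(seed):
    # Constructed sample key: an ssh-ed25519 blob is two length-prefixed strings.
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

def _hashed(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample data (not real hosts or keys): one plain and one hashed entry.
KEY_A, KEY_B = _fake_key(b"a"), _fake_key(b"b")
SAMPLE_KNOWN_HOSTS = ("blabla.com,192.0.2.10 ssh-ed25519 %s\n%s ssh-ed25519 %s\n"
                      % (KEY_A, _hashed("hashed.example"), KEY_B))

if __name__ == "__main__":
    for host, key in [("blabla.com", KEY_A), ("blabla.com", KEY_B), ("new.example", KEY_A)]:
        print(host, *compare(SAMPLE_KNOWN_HOSTS, host, "%s ssh-ed25519 %s" % (host, key)))
```

An UNKNOWN result only says there is no stored entry; a key fetched over the same untrusted network still has to be checked against a fingerprint obtained through another channel.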