diff --git a/capsulflask/templates/about-ssh.html b/capsulflask/templates/about-ssh.html
index 7247c3a..676c532 100644
--- a/capsulflask/templates/about-ssh.html
+++ b/capsulflask/templates/about-ssh.html
@@ -254,13 +254,17 @@ Host key verification failed.
you really did verify that the server's public key fingerprint matches.
If you type yes here without checking the server's host key somehow, you could add an attackers public key to the trusted
- list in your ~/.ssh/known_hosts file; if you type yes blindly, you are
- completely disabling all security of the SSH connection.
- It can be fully man-in-the-middle attacked & you are
- vulnerable to surveillance, command injection, even emulation/falsification of the entire stream.
- Will anyone actually attack you like that? Who knows. Personally, I'd rather not find out.
+ list in your ~/.ssh/known_hosts file; if you type yes blindly,
+ you are technically vulnerable to a man-in-the-middle attack. Such an attack could silently surviel your connection,
+ inject commands, even emulate / falsify the entire SSH session.
+
+ Will anyone actually attack you like that? Probably not, because such an attack would be difficult to hide from someone who
+ knows where to look. Personally, however, I'd rather not fuck around and find out. I'd rather find a way to prove to myself
+ that my first SSH connection to a new server is secure, even if it's a potentially ephemeral virtual machine like a capsul.
+
+
So what are technologists to do? Most cloud providers don't "provide" an easy way to get the SSH host public keys
for instances that users create on thier platform. For example, see this
@@ -269,20 +273,19 @@ Host key verification failed.
Besides using the provider's HTTPS-based console to log into the machine & directly read the public key,
providers also recommend using a "userdata script".
- This script would run on boot & upload the machine's SSH public keys to a
- trusted location like Backblaze B2 or
+ This script would run on boot & upload the machine's SSH public keys to an object storage system like Backblaze B2 or
Amazon S3[1], for an application to retrieve later.
As an example, I wrote a
-
+
userdata script which does this
- for my own cloud compute management tool called
- rootsystem.
- Later in the process, rootsystem will
-
+ for my own automated VPS management code in
+ greenhouse.
+ Later in the process, greenhouse will
+
download the public keys from the Object Storage provider
and add them to the ~/.ssh/known_hosts file
before finally
-
+
invoking the ssh client against the cloud host.
diff --git a/capsulflask/templates/index.html b/capsulflask/templates/index.html
index c5ab27b..b9ba171 100644
--- a/capsulflask/templates/index.html
+++ b/capsulflask/templates/index.html
@@ -22,7 +22,7 @@
All root disks are backed up at no charge
All storage is fast, local, and solid-state
All network connections are low latency
- Supported by amazing volunteers from Cyberia
+ Supported by amazing volunteers from Cyberia Computer Club
Upfront prices, no confusing billing
Operated by a Minnesota non-profit organization that will never exploit you
We donate a portion of our proceeds to likeminded hacker groups around the globe