diff --git a/capsulflask/templates/about-ssh.html b/capsulflask/templates/about-ssh.html index 7247c3a..676c532 100644 --- a/capsulflask/templates/about-ssh.html +++ b/capsulflask/templates/about-ssh.html @@ -254,13 +254,17 @@ Host key verification failed. you really did verify that the server's public key fingerprint matches. If you type yes here without checking the server's host key somehow, you could add an attackers public key to the trusted - list in your ~/.ssh/known_hosts file; if you type yes blindly, you are - completely disabling all security of the SSH connection. - It can be fully man-in-the-middle attacked & you are - vulnerable to surveillance, command injection, even emulation/falsification of the entire stream. - Will anyone actually attack you like that? Who knows. Personally, I'd rather not find out. + list in your ~/.ssh/known_hosts file; if you type yes blindly, + you are technically vulnerable to a man-in-the-middle attack. Such an attack could silently surviel your connection, + inject commands, even emulate / falsify the entire SSH session. + + Will anyone actually attack you like that? Probably not, because such an attack would be difficult to hide from someone who + knows where to look. Personally, however, I'd rather not fuck around and find out. I'd rather find a way to prove to myself + that my first SSH connection to a new server is secure, even if it's a potentially ephemeral virtual machine like a capsul.
+ +
So what are technologists to do? Most cloud providers don't "provide" an easy way to get the SSH host public keys
for instances that users create on thier platform. For example, see this
@@ -269,20 +273,19 @@ Host key verification failed.
Besides using the provider's HTTPS-based console to log into the machine & directly read the public key,
providers also recommend using a "userdata script".
- This script would run on boot & upload the machine's SSH public keys to a
- trusted location like Backblaze B2 or
+ This script would run on boot & upload the machine's SSH public keys to an object storage system like Backblaze B2 or
Amazon S3[1], for an application to retrieve later.
As an example, I wrote a
-
+
userdata script which does this
- for my own cloud compute management tool called
- rootsystem.
- Later in the process, rootsystem will
-
+ for my own automated VPS management code in
+ greenhouse.
+ Later in the process, greenhouse will
+
download the public keys from the Object Storage provider
and add them to the ~/.ssh/known_hosts file
before finally
-
+
invoking the ssh client against the cloud host.