Comment by kristjank
3 years ago
This really wants me to re-evaluate all the times I have gracefuly TOFU'd while SSHing into a machine or even logging onto a website.
3 years ago
This really wants me to re-evaluate all the times I have gracefuly TOFU'd while SSHing into a machine or even logging onto a website.
Consider including SSH known hosts in your cfgmgmt.
I have all my machines' public keys, and all major git forge's SSH keys in my git-managed cfgmgmt repo.
For NixOS users: https://search.nixos.org/options?channel=23.05&show=programs...
one issue is that most hosting providers don't display ssh host keys anywhere in the control panels so unless you have a... lot of fun (and spend time) with the virtual console... (or maybe a custom cloud-init script?) you're SOL for the very very first connection
Isn't more important that the known key does not change unless you made the change, than having the "right" key to begin with?
1 reply →
Given that the attack subverted the TLS certificates, I'd say key-based TOFU is still a better alternative.
Of course, checking the server key is better than not doing so, but any knee-jerk response to TOFU will probably make your security worse.
What does TOFU mean in this context? I haven’t heard that word related to tech before OpenTofu just recently!
Trust On First Use. No relation to OpenTofu where Tofu is a word play in TerraForm.
https://en.wikipedia.org/wiki/Trust_on_first_use
Trust On First Use
At DEFCON, fifteen years ago, MITM'ing TOFU ssh connections was what you did when you were bored in between talks. If you wanted to capture a new first connection, just keep dropping connections until they try a different host or device.
I don't really get why people use ssh at all if they aren't using certs. Might as well use telnet.
An unknow key when connecting to a known server will raise all kinds of alarms in my head.