LinuxQuestions.org

RaviTezu 11-29-2012 04:48 AM

How to make sure, it is the genuine system.
 
Hi LQ folks,

I'd like to explain what I know and then describe the scenario I'd like to know about. Please correct me if I'm wrong.

Whenever we are connecting (ssh'ing) to a host (let's name it X) for the first time, there appears a prompt to add the host to known hosts. When we say "yes", the public key of X is added to the user's known_hosts file (which resides in /home/username/.ssh/known_hosts).

My Question:
Let's think of a user who has connected to X and did the same (added the pub. key to known_hosts).
Now the user built a machine with the same host name (i.e. X) and made the public key of X the public key for this newly built machine.
Made the changes in DNS too (directing the request to the newly built system), so when a user from outside tries to connect to host X using the URL (hostname), they will be directed to the new host.
Which should not be the way.

How to detect whether the host you're connecting to is the real one now?


Thanks,
Ravi

linosaurusroot 11-29-2012 04:54 AM

Quote:

made the public key of X as public key for this newly built machine
That's only possible if he also obtains the private host key from X which he shouldn't without root access.
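
Added example, not part of the thread and not OpenSSH's own code: a simplified Python model of the known_hosts comparison described in the question, showing that a DNS redirect to a machine with a different key is reported as changed, while a machine holding X's private host key (and so offering the same public key) is indistinguishable to this check. The keys, host names and salt are constructed; wildcard host patterns and `@cert-authority`/`@revoked` lines are not modelled.

```python
import base64, hashlib, hmac

def blob(seed):
    # Constructed stand-in for an ssh-ed25519 public key blob (not a real key).
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

def fingerprint(key_b64):
    # Same form as the fingerprint shown at the first-connection prompt.
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_host(host, salt):
    # HashKnownHosts entry format: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # simplification: no wildcard patterns

def check_host_key(known_hosts, host, key_type, key_b64):
    verdict = "unknown"  # no entry: the client would show the yes/no prompt
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":  # skip comments and @markers
            continue
        if host_matches(fields[0], host) and fields[1] == key_type:
            if base64.b64decode(fields[2]) == base64.b64decode(key_b64):
                return "match"  # connection proceeds silently
            verdict = "changed"  # the client would warn and refuse
    return verdict

KEY_X, KEY_OTHER = blob(0xA1), blob(0xB2)  # constructed sample keys
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "x.example.org,192.0.2.10 ssh-ed25519 " + KEY_X,
    hashed_host("y.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_X,
])

if __name__ == "__main__":
    for label, key in [("genuine X", KEY_X), ("redirected, different key", KEY_OTHER),
                       ("redirected, copied host key", KEY_X)]:
        print(label, check_host_key(KNOWN_HOSTS, "x.example.org", "ssh-ed25519", key),
              fingerprint(key))
```

The first and third cases both return `match` with the same fingerprint, which is why the replies that follow turn to protecting the private host key itself.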

RaviTezu 11-29-2012 04:58 AM

Hi linosaurusroot,

What if he got the private key too?

---------------------------------------------------------------------------------------------------------
Thanks for the reply :)

linosaurusroot 11-29-2012 05:07 AM

There is http://blog.exanames.com/2009/06/one...nssec-ssh.html

But after a bad guy gets root on your server then even when your users do connect to the genuine server the wrong thing happens.

RaviTezu 11-29-2012 05:33 AM

Any other options?

linosaurusroot 11-29-2012 05:45 AM

http://en.wikipedia.org/wiki/Hardware_security_module

RaviTezu 11-29-2012 05:55 AM

I guess all these are attack prevention measures.

Is there any way to find that we are directed to the wrong host?


All times are GMT -5.