Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Anyway to *NOT* get MITM'ed?

0

There appears to be no way to set the host key, nor to get the host key fingerprint.

At this is the conclusion after multiple frustrating exchanges with support.

Am I missing something here? Is everyone using SFTP just accepting the risk of MITM by the TCP/IP operator?

Themen
AWS Framework mit guter Struktur
Tags
Sicherheit
Sprache
English
paul__draper
gefragt vor 5 Jahren251 Aufrufe
2 Antworten
0

When you get a "Man In The Middle" attack message, it's because the IP address of your server endpoint is the same as before, but the host key changed. Is that your case?
Also, you can see the server fingerprint by using the DescribeServer API: https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeServer.html

AWS
AWS-User-9826533
beantwortet vor 5 Jahren
0

Well, I have no way of knowing if I am MITM; i.e. if the traffic is being delivered to the expected identity, since SSH doesn't use PKI like SSL/TLS certs.

Thanks for showing how to get the host key. That answers my question perfectly, particularly since SFTP FAQ says the host key never changes.
I'll let the support rep know :/

paul__draper
beantwortet vor 5 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt