AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Anyway to *NOT* get MITM'ed?

0

There appears to be no way to set the host key, nor to get the host key fingerprint.

At this is the conclusion after multiple frustrating exchanges with support.

Am I missing something here? Is everyone using SFTP just accepting the risk of MITM by the TCP/IP operator?

주제
AWS Well-Architected 프레임워크
태그
보안
언어
English
paul__draper
질문됨 5년 전251회 조회
2개 답변
0

When you get a "Man In The Middle" attack message, it's because the IP address of your server endpoint is the same as before, but the host key changed. Is that your case?
Also, you can see the server fingerprint by using the DescribeServer API: https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeServer.html

AWS
AWS-User-9826533
답변함 5년 전
0

Well, I have no way of knowing if I am MITM; i.e. if the traffic is being delivered to the expected identity, since SSH doesn't use PKI like SSL/TLS certs.

Thanks for showing how to get the host key. That answers my question perfectly, particularly since SFTP FAQ says the host key never changes.
I'll let the support rep know :/

paul__draper
답변함 5년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠