Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Anyway to *NOT* get MITM'ed?

0

There appears to be no way to set the host key, nor to get the host key fingerprint.

At this is the conclusion after multiple frustrating exchanges with support.

Am I missing something here? Is everyone using SFTP just accepting the risk of MITM by the TCP/IP operator?

Tópicos
AWS Well-Architected Framework
Tags
Segurança
Idioma
English
paul__draper
feita há 5 anos251 visualizações
2 Respostas
0

When you get a "Man In The Middle" attack message, it's because the IP address of your server endpoint is the same as before, but the host key changed. Is that your case?
Also, you can see the server fingerprint by using the DescribeServer API: https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeServer.html

AWS
AWS-User-9826533
respondido há 5 anos
0

Well, I have no way of knowing if I am MITM; i.e. if the traffic is being delivered to the expected identity, since SSH doesn't use PKI like SSL/TLS certs.

Thanks for showing how to get the host key. That answers my question perfectly, particularly since SFTP FAQ says the host key never changes.
I'll let the support rep know :/

paul__draper
respondido há 5 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante