Anyway to *NOT* get MITM'ed?

Question

There appears to be no way to set the host key, nor to get the host key fingerprint.  
  
At this is the conclusion after multiple frustrating exchanges with support.  
  
Am I missing something here? Is everyone using SFTP just accepting the risk of MITM by the TCP/IP operator?

Answer

Well, I have no way of knowing if I am MITM; i.e. if the traffic is being delivered to the expected identity, since SSH doesn't use PKI like SSL/TLS certs.  
  
Thanks for showing how to get the host key. That answers my question perfectly, particularly since SFTP FAQ says the host key never changes.  
I'll let the support rep know :/

Answer

When you get a "Man In The Middle" attack message, it's because the IP address of your server endpoint is the same as before, but the host key changed. Is that your case?   
Also, you can see the server fingerprint by using the DescribeServer API: https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeServer.html

Anyway to NOT get MITM'ed?

相關內容