RE: Verifying the host fingerprint

From: John Tackman (john.tackman_at_hex.fi)
Date: 02/19/04

  • Next message: David Hirst: "restricting users that don't have a homedir" 
    Date: Thu, 19 Feb 2004 11:12:10 +0200
To: "Craig M. Dupree" <cdupree@austin.rr.com>, "Hamish Whittal" <hamish@QEDux.co.za>

    > > I am trying to log into a host and, the first time, it
    > gives me a host
    > > fingerprint, asking whether this is the host I am trying to
    > connect to.
    > > I know it is, but how do I "REALLY" verify this?
    >
    > Contact the admin of the system, offline (ie, phone). Ask
    > him to verify that the fingerprint of the key on his system
    > matches what you have been presented with.

    Actually, even this is unsecure, how do you know the guy who answers the
    phone is the one who should be answering that question and how do you
    know he tells the truth? :)

    Hamish, you've arrived at the CORE of the problem of sender/recipient
    identification dilemma :)

    This transmission is intended only for the individual or entity to which it is addressed. The message may contain information that is private and confidential. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any distribution, dissemination or copying of this message is strictly prohibited.
    If you have received this message in error, please notify the sender immediately by returning the e-mail and delete the original message. Thank You. The content of this message is not given or endorsed by HEX.
    HEX reserves the right to monitor all e-mail communications through its networks. The attachments have been scanned for viruses prior to leaving our e-mail server.
    HEX shall not be liable for any consequences of any virus being passed on.

  • Next message: David Hirst: "restricting users that don't have a homedir"

    Relevant Pages