SSH and Known Hosts
SSH and Known Hosts
Does your ssh used in the mysqlconnect use a known hosts file? From what I understand without the a priori knowledge of the key you can be subjected to a man in the middle attack.
Shalex wrote:Our current implementation of SSH support doesn't allow to use the known_hosts file. This feature is on our roadmap. We cannot provide any timeframe at the moment. I will post here when this functionality is available.
Yes, it seems very difficult to implement truly secure connection to remote databases.PuTTY FAQ wrote: A.2.9 Is there an option to turn off the annoying host key prompts?
No, there isn't. And there won't be. Even if you write it yourself
and send us the patch, we won't accept it.
Those annoying host key prompts are the _whole point_ of SSH.
Without them, all the cryptographic technology SSH uses to secure
your session is doing nothing more than making an attacker's job
slightly harder; instead of sitting between you and the server with
a packet sniffer, the attacker must actually subvert a router and
start modifying the packets going back and forth. But that's not all
that much harder than just sniffing; and without host key checking,
it will go completely undetected by client or server.
Host key checking is your guarantee that the encryption you put on
your data at the client end is the _same_ encryption taken off the
data at the server end; it's your guarantee that it hasn't been
removed and replaced somewhere on the way. Host key checking makes
the attacker's job _astronomically_ hard, compared to packet
sniffing, and even compared to subverting a router. Instead of
applying a little intelligence and keeping an eye on Bugtraq, the
attacker must now perform a brute-force attack against at least one
military-strength cipher. That insignificant host key prompt really
does make _that_ much difference.
I'm curious of some combination of methods might do the trick, like using an SSH tunnel along with SSL or something, though off the top of my I dont think this would work.
Any other suggestions to encrypt / secure remote connections would be appreciated.
I'm just letting you know that OpenSSH is basically worthless without using the known_hosts file. Accepting anything without checking the fingerprint is a big no no.