Understanding Host Keys
Think about the last time you faxed personal or company information to someone for the first time. Did you wonder if the number you were sending this information to was the right one? Unlike a phone call, where no personal information is exchanged until you have identified who you are speaking to, when you send a fax you might wonder where your information is ending up. When using the public network (internet), verifying that the server being connected to is the "right number" is taken for granted far too often. In this white paper, we will talk about the importance of knowing that the server you (or one of your end users) is connecting to is the "right number" and how Secure Shell server host keys are used to verify a server's identity.
This paper assumes the reader has a general familiarity with the Secure Shell protocol. For more information, refer to our Secure Shell Overview white paper which can be read online or downloaded from our web site:
Here is a brief excerpt from that white paper's introduction:
Secure Shell (SSH) provides an open protocol for securing network communications which is less complex and expensive than hardware-based VPN solutions. Secure Shell client/server solutions provide command shell, file transfer, and data tunneling services for TCP/IP applications. SSH connections provide highly secure authentication, encryption, and data integrity to combat password theft and other security threats.
Table Of Contents
What vulnerablities do host keys help address?
How web servers prevent man-in-the-middle attacks
What is the purpose of the host key?
Creating host keys
Accepting a new host key 1
Accepting a new host key 2
Accepting a new host key 3
Accepting a new host key 4
Handling a changed host key
Verifying host keys
Backup your host keys
The need for policy