Verifying host keys

Calling the system administrator and verifying the host key over the phone is a simple solution to making sure the host key is correct and that the client is not vulnerable to a man-in-the-middle attack. However, in many situations this is not a practical solution. There may be too many servers. There may be too many clients. Or, the administrator may not be available when the user first connects.

There are a number of other methods that can be used to distribute host keys or fingerprints:

An ISP or network administrator might distribute host key fingerprints on a secure web page that all customers or users have access to.
The host key fingerprint can be sent by e-mail to end users so they have it readily available to compare to the fingerprint displayed in the challenge message.
For enterprises that already use a system such as SMS to push files out to client systems, host keys could also be distributed through this system.
Organizations using Kerberos could take advantage of Secure Shell's GSSAPI key exchange, which doesn't require hosts keys, and instead leverages Kerberos host verification.

Recently, an IETF draft has been released that specifies a method of checking host key fingerprints using secure DNS (DNSSEC). Secure Shell solutions implementing this new mechanism are not yet widely available.

<< Known hosts

Backup your host keys >>


	Products	Downloads	Purchase	Support	About Us
	VShell Server	VShell Server	Buy Direct	Evaluation	Contact
	SecureCRT	SecureCRT	License Pricing	Updates Policy	Press Releases
	SecureFX	SecureFX	About Encryption Export	FAQs	What's New
	VanDyke ClientPack	VanDyke ClientPack	Orders FAQ	Tips & How-Tos	Customer Stories
	Beta Software	Beta Software	Resellers	Forums	Secure Solutions
Site Map \| Legal Notices \| Privacy Policy \| Refund Policy VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners. Copyright © 1995 - VanDyke Software, Inc. All rights reserved.

About Encryption Export

Site Map | Legal Notices | Privacy Policy | Refund Policy

VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.