Methods for protection – Nortel Networks NN46120-104 User Manual
SSH host keys
Methods for Protection
In many environments, it may be reasonable for an SSH client user to
simply accept the key from a previously unknown remote server host when
prompted by the client, but to achieve strict protection against a "man in
the middle" attack on this very first connection, one of these methods
can be used:
• Verifying the "fingerprint" (as displayed by the client) of the new remote
host key by some out-of-band means (e.g. verbal communication with
the server administrator).
OR
• Pre-installing the remote host key (previously transferred by some
out-of-band means) in the client's key storage, i.e. effectively making
the remote host known even before the first connection.
The server administrator also needs to be able to generate new keys
(e.g. at initial configuration, or in case the old ones are believed to be
compromised), and the client user needs to be able to remove remote host
keys that are no longer valid from the client’s key storage (e.g. due to the
server administrator having generated new keys).
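The two methods above (out-of-band fingerprint check, then pre-installing the key so the host is known before the first connection) as an added worked example; this is not code from the manual or the VPN Gateway product. It assumes the host key arrives as an OpenSSH-format public key line and uses a constructed ssh-ed25519 key and a hypothetical host name.

```python
import base64
import hashlib
import hmac


def ssh_string(b: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def parse_openssh_pubkey(line: str) -> tuple[str, bytes]:
    """Return (key type, raw wire blob) from a 'type base64 [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    # The blob begins with a length-prefixed copy of the type; it must agree
    # with the declared type, otherwise the line has been tampered with.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type inside blob does not match declared type")
    return key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: base64(SHA-256(blob)) with '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated hex fingerprint shown by older clients."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def trust_host_key(host: str, pubkey_line: str, expected_fp: str) -> str:
    """Compare the key's fingerprint with the value obtained out of band
    (e.g. read out by the server administrator) and return the known_hosts
    entry to pre-install. Raises ValueError on mismatch so an unverified
    key is never stored."""
    key_type, blob = parse_openssh_pubkey(pubkey_line)
    actual = sha256_fingerprint(blob) if expected_fp.startswith("SHA256:") else md5_fingerprint(blob)
    if not hmac.compare_digest(actual.encode(), expected_fp.encode()):
        raise ValueError(f"host key fingerprint mismatch for {host}: got {actual}, expected {expected_fp}")
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


# Constructed sample key: ssh-ed25519 with a dummy 32-byte public point (not a real key).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " vpn-gateway (constructed)"
```

On a real client the returned line is appended to ~/.ssh/known_hosts only after the fingerprint check succeeds; a later fingerprint change for the same host should be treated as either an administrator re-key or an attack until confirmed out of band.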
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks