Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://bsd.network/users/solene/statuses/113500311512117932">Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 06:02:53 JST</a><a href="https://bsd.network/@solene" title="solene@bsd.network"><img src="https://gnusocial.jp/avatar/6273-48-20220828132537.webp" width="48" height="48" alt="Solène :flan_hacker:" style="position: absolute; left: 0; top: 0;">Solène :flan_hacker:</a><div><a href="https://mastodon.social/@graslander/113500208159771589" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.social/@graslander">@graslander</a> at first, I thought you wrote about setting up a PKI on OpenBSD</p><p>As you use keys to authenticate clients, you still rely on TOFU when connecting to the server, you have two solutions to solve this:</p><p>- use SSH certificates to authenticate both clients and servers<br>- use SSHFP DNS entries</p><p>I covered the second system if you are interested <a href="https://dataswamp.org/~solene/2023-08-05-sshfp-dns-entries.html" rel="nofollow noreferrer">https://dataswamp.org/~solene/2023-08-05-sshfp-dns-entries.html</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4018481#notice-7852756">In conversation</a><time datetime="2024-11-18T06:02:53+09:00" title="Monday, 18-Nov-2024 06:02:53 JST">about 6 months ago</time> <span>from <span><a href="https://bsd.network/@solene/113500311512117932" rel="external" title="Sent from bsd.network via ActivityPub">bsd.network</a></span></span><a href="https://bsd.network/@solene/113500311512117932">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: dataswamp.org</div><h5><a href="https://dataswamp.org/~solene/2023-08-05-sshfp-dns-entries.html">Solene'% : Authenticate the SSH servers you are connecting to</a></h5><div></div></header><div>In this article, you will learn how to use SSHFP DNS records in order to prevent TOFU when using SSH.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 06:02:53 JSTSolène :flan_hacker:
in reply to
- graslander
@graslander at first, I thought you wrote about setting up a PKI on OpenBSD
As you use keys to authenticate clients, you still rely on TOFU when connecting to the server, you have two solutions to solve this:
- use SSH certificates to authenticate both clients and servers
- use SSHFP DNS entries
I covered the second system if you are interested https://dataswamp.org/~solene/2023-08-05-sshfp-dns-entries.html
In conversationabout 6 months ago from bsd.networkpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: dataswamp.org
  Solene'% : Authenticate the SSH servers you are connecting to
  In this article, you will learn how to use SSHFP DNS records in order to prevent TOFU when using SSH.

Public

Embed Notice

HTML Code

Corresponding Notice