PhilipRoman 4 hours ago
I'm saying that 90% of these setups look like this (or do the equivalent thing manually):
They have ssh, but no proper key management

0xbadcafebee 4 hours ago
Exactly. But 'passive encryption' isn't helpful; if you can see the traffic, you can MITM it. Just RST the connection, wait for the reconnect, intercept.

ajross 4 hours ago
Well, sure. You can turn off host key checking in ssh! But that isn't responsive to a point that (1) host key validation exists in ssh and (2) host key validation is on by default in ssh.
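
Added example, not part of any comment in this thread: a small audit that flags the settings that turn ssh host key checking off (the case the last comment mentions), whether they appear in an ssh_config file or as `-o` options in a script. The function name and the sample input are constructed for illustration.

```python
import re

# Matches ssh_config syntax ("StrictHostKeyChecking no") and the command-line
# form ("-o StrictHostKeyChecking=no", "-oUserKnownHostsFile=/dev/null").
OPTION_RE = re.compile(
    r'(StrictHostKeyChecking|UserKnownHostsFile)\s*[=\s]\s*"?([^\s"\']+)',
    re.IGNORECASE,
)

# Constructed sample: a deploy script line mixed with ssh_config fragments.
SAMPLE = """\
# constructed sample input
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null deploy@host.example uptime
Host *.internal.example
    StrictHostKeyChecking yes
Host legacy.example
    stricthostkeychecking off
# StrictHostKeyChecking no
scp -o "StrictHostKeyChecking accept-new" build.tar deploy@host.example:
"""


def weak_host_key_settings(text):
    """Return (line_number, option, value, reason) for every setting that
    disables or bypasses ssh host key validation."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # commented-out settings are inert
            continue
        for option, value in OPTION_RE.findall(line):
            name, val = option.lower(), value.lower()
            if name == "stricthostkeychecking" and val in ("no", "off"):
                findings.append((number, option, value,
                                 "host key validation disabled"))
            elif name == "userknownhostsfile" and val == "/dev/null":
                findings.append((number, option, value,
                                 "accepted host keys are never stored"))
    return findings


if __name__ == "__main__":
    for number, option, value, reason in weak_host_key_settings(SAMPLE):
        print(f"line {number}: {option} {value}: {reason}")
```
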