ARP-spoofing defense

Nicholas Leippe nick at
Wed Mar 14 13:59:07 MDT 2007

On Wednesday 14 March 2007 13:53, Nicholas Leippe wrote:
> On Wednesday 14 March 2007 11:09, Michael L Torrie wrote:
> > On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
> > > This is an optimization.  Your host does this with the idea that if you
> > > do decide to talk to one of these machines from which it has already
> > > seen ARP traffic, it can skip that step.
> > >
> > > As for man-in-the middle, playing with ARP can cause disruption of
> > > services, and could intercept insecure protocols.  Which is why for
> > > critical data, ssl or other secure mechanism should be used.
> >
> > Additionally this is why SSL uses certificates that should be verified
> > to prove that the host is who it says it is. Also ssh key fingerprints
> > should always be verified.  How often do we ssh into a box and just
> > automatically type "yes" to the fingerprint authorization?
> I've always wondered about that. I search the man pages, and looked at the
> host key/files, but never figured out how to find the host's fingerprint to
> do this. I've thought about recording all of our server's fingerprints and
> publishing them somewhere/bringing them with me so I could verify them when
> I'm connecting from offsite.
> Is there a simple command on the host to get the host's fingerprint?

I found it: man ssh(1)

Fingerprints can be determined using ssh-keygen(1):

      $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

wonder when they added that to the man page. ;)

More information about the PLUG mailing list