[hobbit] SSL Certificate checking
Henrik Stoerner
henrik at hswn.dk
Tue May 17 07:48:35 CEST 2005
On Tue, May 17, 2005 at 01:23:52PM +1000, Adam Goryachev wrote:
> I understand that hobbit (and bbgen) will check the validity of SSL
> certificates on a HTTPS site, but I was wondering if hobbit (or bbgen)
> would also check that a ssh certificate does NOT change?
You mean the SSH host key. Hobbit cannot do that currently, since it
doesn't know about the SSH protocol other than to expect the "SSH-..."
banner when it connects to an SSH service.
One could probably pick out the necessary pieces of code from the
OpenSSH client to build a checker for this. That would be useful,
because it would also eliminate the warnings that OpenSSH logs
when Hobbit checks the service.
> Reason being, this morning one of my servers was hacked [...]
Ouch - whatever you find out, I'll be interested to hear about it.
My server setup looks disturbingly much like yours, so if there is a
new root exploit out there, I'd like to know.
Regards,
Henrik
More information about the Xymon
mailing list