Re: [hobbit] SSL Certificate checking
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] SSL Certificate checking
- From: henrik (at) hswn.dk (Henrik Stoerner)
- Date: Tue, 17 May 2005 07:48:35 +0200
- References: <1116300232.15380.28.camel@workhorse>
- User-agent: Mutt/1.5.6+20040907i

On Tue, May 17, 2005 at 01:23:52PM +1000, Adam Goryachev wrote:
> I understand that hobbit (and bbgen) will check the validity of SSL
> certificates on a HTTPS site, but I was wondering if hobbit (or bbgen)
> would also check that a ssh certificate does NOT change?

You mean the SSH host key. Hobbit cannot do that currently, since it
doesn't know about the SSH protocol other than to expect the "SSH-..."
banner when it connects to an SSH service.

One could probably pick out the necessary pieces of code from the
OpenSSH client to build a checker for this. That would be useful,
because it would also eliminate the warnings that OpenSSH logs
when Hobbit checks the service.

> Reason being, this morning one of my servers was hacked [...]

Ouch - whatever you find out, I'll be interested to hear about it.
My server setup looks disturbingly much like yours, so if there is a
new root exploit out there, I'd like to know.

Regards,
Henrik
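
The host-key change check discussed in this message, as an added example that is not part of the original post and is not Hobbit code. It assumes the keys were collected in the "host keytype base64" line format that ssh-keyscan prints; the host names and key material are constructed sample data, and make_blob, parse_scan and compare are hypothetical names.

```python
import base64
import hashlib
import struct

def make_blob(keytype, material):
    """Build a constructed public-key blob in SSH wire format (sample data only)."""
    name = keytype.encode()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()

def parse_scan(text):
    """Parse 'host keytype base64' lines into {(host, keytype): fingerprint}."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip blank lines, comments and truncated lines
        host, keytype, b64 = parts[:3]
        blob = base64.b64decode(b64, validate=True)
        # The blob begins with a length-prefixed algorithm name, which
        # must agree with the key type declared on the line.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode("ascii", "replace") != keytype:
            raise ValueError(f"{host}: blob does not match declared type {keytype}")
        digest = hashlib.sha256(blob).digest()
        # Same presentation as OpenSSH: unpadded base64 of the SHA-256 digest.
        keys[(host, keytype)] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return keys

def compare(baseline, current):
    """Return sorted (status, host, keytype) findings; an empty list means no change."""
    findings = []
    for key, fp in baseline.items():
        if key not in current:
            findings.append(("missing", *key))
        elif current[key] != fp:
            findings.append(("changed", *key))
    findings += [("new", *key) for key in current if key not in baseline]
    return sorted(findings)

# Constructed sample data: these are not real host keys.
OLD = make_blob("ssh-ed25519", b"\x01" * 32)
NEW = make_blob("ssh-ed25519", b"\x02" * 32)
BASELINE = f"web1.example.test ssh-ed25519 {OLD}\ndb1.example.test ssh-ed25519 {OLD}\n"
CURRENT = f"# constructed scan\nweb1.example.test ssh-ed25519 {NEW}\ndb1.example.test ssh-ed25519 {OLD}\n"

if __name__ == "__main__":
    for status, host, keytype in compare(parse_scan(BASELINE), parse_scan(CURRENT)):
        print(f"{status}: {host} {keytype}")
```

The baseline has to be recorded while the host is known to be good and stored where a compromised host cannot rewrite it.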