Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I guess this is why most administrators use telnet instead of ssh, since they don't have time to check ssh fingerprints... Well, not really. As it is, many people do make a decision based on a clear text vs OE.

Now if just Firefox would store and check fingerprints of self-signed certificates, we would get the exact same benefit when telnet was replaced by ssh.



You don't check ssh fingerprints?


Administrators are a much more sophisticated group than average users. Presenting telnet/SSH as equivalent to HTTP/HTTPS is silly because they have drastically different use cases.


I think his point is that ssh is just opportunistic encryption if you don't compare the fingerprint at the first connection. Anybody could just MitM your first connection to the server without you noticing, and then MitM every future connection as well.

In a sense telnet/ssh is exactly like http/http_with_oe. And still we make a big deal out of the telnet/ssh difference while saying that http with OE is only marginally better than http.

Of course it's not nearly that black and white because ssh stores the fingerprint, meaning you are safe if (and only if) your first connection wasn't intercepted.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: