Give feedback

Deveo should show their server's SSH key fingerprint(s) for verification

When a SSH communication key arrangement is first made, the communication program asks if you want to trust the server's key with a fingerprint that is shown on screen. Usually the user doesn't have the information, so they just accept it, risking a man-in-the-middle attack.

If Deveo's protected web site showed fingerprints of the keys they use for SSH communications on their servers, users could really verify the correctness of the connection.

6 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Vesa shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Vesa commented  ·   ·  Flag as inappropriate

        ... And then the user guide page that people follow when setting up the SSH keys should contain a pointer to the page with the SSH key fingerprints.

      Feedback and Knowledge Base