Open lorenzhs opened 10 years ago
We should ask "upstream" about this issue. MITM protection would be generally a really good "feature".
True enough. Maybe we can convince DigitalOcean to add an API call to give us the machine host key (or include it in the status call, /droplets/[droplet_id])?
The DigitalOcean API is accessed via a secure connection, and we can't detect a MITM to the VPN anyway (we have no way of getting the correct SSH host key). Just disable verification, at least for the self-destruction mechanism:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
Also investigate if the same is possible for sshuttle.