lorenzhs / instavpn

ABANDONED :: Create and set up an instant VPN using DigitalOcean and sshuttle
BSD 2-Clause "Simplified" License

Disable host key verification #4

Open lorenzhs opened 10 years ago

lorenzhs commented 10 years ago

The DigitalOcean API is accessed via a secure connection, and we can't detect a MITM to the VPN anyway (we have no way of getting the correct SSH host key). Just disable verification, at least for the self-destruction mechanism: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

Also investigate if the same is possible for sshuttle.

xhochy commented 10 years ago

We should ask "upstream" about this issue. MITM protection would be generally a really good "feature".

lorenzhs commented 10 years ago

True enough. Maybe we can convince DigitalOcean to add an API call to give us the machine host key (or include it in the status call, /droplets/[droplet_id])?
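
Added example, not part of the thread or the instavpn code: if a droplet's host key line could be obtained over a trusted channel (an assumption; the thread notes no such channel exists yet), the Python below validates it, computes the fingerprint to compare, and builds a pinned known_hosts entry with StrictHostKeyChecking=yes, next to the options quoted in the issue. Function names, the address and the key are constructed for illustration.

```python
import base64
import hashlib
import struct

def parse_host_key(line):
    """Validate 'keytype base64 [comment]' and return (keytype, blob)."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("declared key type does not match key blob")
    return keytype, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def known_hosts_line(host, port, key_line):
    """known_hosts entry; non-default ports use the [host]:port form."""
    keytype, blob = parse_host_key(key_line)
    name = host if port == 22 else "[%s]:%d" % (host, port)
    return "%s %s %s\n" % (name, keytype, base64.b64encode(blob).decode())

def ssh_options(known_hosts_path=None):
    if known_hosts_path is None:
        # Options from the issue: the host key is not verified at all.
        return ["-o", "UserKnownHostsFile=/dev/null",
                "-o", "StrictHostKeyChecking=no"]
    # Pinned: only the key in this per-droplet file is accepted.
    return ["-o", "UserKnownHostsFile=" + known_hosts_path,
            "-o", "StrictHostKeyChecking=yes"]

def constructed_key_line():
    """Constructed sample key (not a real host key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    key = constructed_key_line()
    print(fingerprint(parse_host_key(key)[1]))
    print(known_hosts_line("203.0.113.10", 22, key), end="")
    print(" ".join(["ssh"] + ssh_options("/tmp/droplet_known_hosts")))
```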