Tuesday, 24 February 2015

What are the real-world implications of duplicate SSH fingerprints across many devices?



There was a recent post on the Shodan blog showing that certain SSH fingerprints are common across thousands of devices.


For example, this fingerprint is common across over 250,000 devices worldwide:



dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0



And this fingerprint is common across over 11,000 devices across the UK:



7c:a8:25:21:13:a2:eb:00:a6:c1:76:ca:6b:48:6e:bf



This obviously presents issues in authenticating which device you are connecting to over SSH, but what other real-world implications are there in having a common fingerprint (and hence, common public key) across so many devices?
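An added example (not part of the original post): a fleet audit that computes the colon-separated MD5 fingerprint format shown above from each host key and reports any key shared by more than one device. The inventory, host names and key blobs are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed placeholder blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed-factory-default-key").decode()
KEY_B = base64.b64encode(b"constructed-unique-key").decode()
SAMPLE = f"""# constructed inventory in known_hosts format
router1.example,192.0.2.10 ssh-rsa {KEY_A}
router2.example ssh-rsa {KEY_A}
cpe-0042.example ssh-rsa {KEY_A} factory image
bastion.example ssh-ed25519 {KEY_B}
"""


def md5_fingerprint(key_b64):
    """Legacy MD5 fingerprint (aa:bb:...) of a base64 SSH public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def shared_host_keys(known_hosts_text):
    """Return {fingerprint: sorted devices} for keys seen on 2+ devices."""
    devices_by_fp = defaultdict(set)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):     # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue                      # malformed entry
        names, _keytype, key_b64 = fields[:3]
        # One line is one device: aliases such as "host,ip" share a key by
        # design, so only the first name is used as the device label.
        device = names.split(",")[0]
        try:
            fingerprint = md5_fingerprint(key_b64)
        except ValueError:                # not valid base64
            continue
        devices_by_fp[fingerprint].add(device)
    return {fp: sorted(d) for fp, d in devices_by_fp.items() if len(d) > 1}


if __name__ == "__main__":
    for fp, devices in shared_host_keys(SAMPLE).items():
        print(f"{fp} shared by {len(devices)} devices: {', '.join(devices)}")
```

Every device reported under one fingerprint holds the same private key, so the usual remediation is to regenerate host keys on first boot rather than shipping them in the image.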




