The ForestSafe Remote SSH terminal automatically saves a file of server host keys locally on every end user's computer. When an SSH connection is made, the terminal looks the host's key up in that file before connecting; if the key is not found (typically on the first connection to that host) it prompts the user either to validate and save the key or to terminate the connection. This happens before any credentials are sent to the remote host, so a user who aborts at this point has disclosed nothing to it.
Users normally have no way of validating an SSH fingerprint unless every one of them has a list of fingerprints to hand. However, ForestSafe displays the expected fingerprint in the SSH Terminal window heading, so a simple visual comparison against the fingerprint shown in the terminal prompt can be made before saving the key. A mismatch at this point reveals a man-in-the-middle attempt. The check is only as trustworthy as the fingerprint the administrator recorded, which should itself have been obtained from the host out of band rather than from the first connection.
Should a key substitution occur after the terminal has already connected to a host a number of times, the terminal will prompt the user again, because it does not recognise the key of the bogus server, and the same procedure can be followed.
Figure 19 : Unknown SSH Fingerprint challenge
In this example the host fingerprint “1d:61:b8:b0:7d:06:b0:0f:39:77:bb:2a:5c:93:29:7a” served up by ForestSafe can be seen both in the terminal window heading and in the terminal prompt. This fingerprint would have been entered as part of the Unix Import carried out by the ForestSafe Administrator. It is in the older colon-separated MD5 form (sixteen hex pairs); newer OpenSSH clients show SHA256 fingerprints by default, so when checking a host's fingerprint from another tool make sure the same hash is being compared.
If the two fingerprints differ, the user should decline to save the key when prompted, make a note of the bogus host, abort the terminal session and report the matter to their security team.
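The flow described above, as an added example in Python that is not ForestSafe's own code: it derives the colon-separated MD5 fingerprint (and the newer SHA256 form) from a host key blob, keeps a local store of accepted keys, and applies the three outcomes the text describes: prompt on an unknown host, connect silently when the stored key matches, and abort on a mismatch. The host keys, the hostname "unixhost", the dict used as the local key file and the administrator-recorded fingerprint are all constructed for the example; the 32-byte public key values are not real keys.

```python
"""Added example (not ForestSafe code): SSH host-key fingerprints and a
known-hosts style check that mirrors the prompt / compare / abort flow.

Assumptions: host keys are modelled as ssh-ed25519 blobs built from
constructed (non-real) 32-byte public key values; the local key file is a
plain dict {hostname: md5_fingerprint}; the fingerprint the administrator
recorded at Unix Import time is passed in as a string.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_public: bytes) -> bytes:
    """Wire blob that appears base64-encoded in an 'ssh-ed25519 AAAA...' key line."""
    if len(raw_public) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_public)


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint (the sixteen-pair form shown in the heading)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Newer OpenSSH form: 'SHA256:' followed by the unpadded base64 digest."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def key_line(blob: bytes, comment: str = "") -> str:
    """Render a blob in the one-line OpenSSH public key format."""
    (name_len,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + name_len].decode()
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()


def blob_from_key_line(line: str) -> bytes:
    """Parse 'ssh-ed25519 <base64> [comment]' back into its blob.

    The algorithm named inside the blob must match the first field; if it does
    not, the line has been tampered with or corrupted.
    """
    key_type, b64, *_ = line.split()
    blob = base64.b64decode(b64, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type in line does not match key blob")
    return blob


def check_host_key(store: dict, host: str, presented_blob: bytes) -> str:
    """Decide what the terminal does when `host` presents `presented_blob`.

    'OK'       - host known and key unchanged: connect without prompting
    'PROMPT'   - host not in the local file (first connection): ask the user
    'MISMATCH' - host known but key differs: possible man-in-the-middle, abort
    """
    expected = store.get(host)
    if expected is None:
        return "PROMPT"
    presented = md5_fingerprint(presented_blob)
    if hmac.compare_digest(expected, presented):
        return "OK"
    return "MISMATCH"


def user_accepts_key(store: dict, host: str, presented_blob: bytes,
                     admin_fingerprint: str) -> bool:
    """The visual check from the text: compare the fingerprint the server
    presented with the one the administrator recorded at import, and save it
    locally only if the two agree. Returns True if the key was saved."""
    presented = md5_fingerprint(presented_blob)
    if not hmac.compare_digest(presented.lower(), admin_fingerprint.lower()):
        return False          # note the host, abort the session, report it
    store[host] = presented
    return True


# Constructed demonstration data: these public key bytes are not real keys.
GENUINE_KEY = ed25519_blob(bytes(range(32)))
BOGUS_KEY = ed25519_blob(bytes(range(32, 64)))


def demo() -> list:
    """First connection, a repeat connection, then a substituted key."""
    store = {}                                           # the local key file
    admin_recorded = md5_fingerprint(GENUINE_KEY)        # captured at Unix Import
    steps = []
    steps.append(check_host_key(store, "unixhost", GENUINE_KEY))                   # PROMPT
    steps.append(user_accepts_key(store, "unixhost", GENUINE_KEY, admin_recorded)) # True
    steps.append(check_host_key(store, "unixhost", GENUINE_KEY))                   # OK
    steps.append(check_host_key(store, "unixhost", BOGUS_KEY))                     # MISMATCH
    steps.append(user_accepts_key(store, "unixhost", BOGUS_KEY, admin_recorded))   # False
    return steps


if __name__ == "__main__":
    print(md5_fingerprint(GENUINE_KEY), sha256_fingerprint(GENUINE_KEY))
    print(demo())
```

The comparison uses `hmac.compare_digest` rather than `==` out of habit; fingerprints are not secrets, but a constant-time compare costs nothing and avoids having to reason about it later. The store is only updated inside `user_accepts_key`, so a key that fails the visual check never becomes trusted, which is the property the procedure in the text depends on.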