On Tue, May 17, 2005 at 01:23:52PM +1000, Adam Goryachev wrote:
> I understand that hobbit (and bbgen) will check the validity of SSL certificates on an HTTPS site, but I was wondering if hobbit (or bbgen) would also check that an SSH certificate does NOT change?
You mean the SSH host key. Hobbit cannot do that currently, since it doesn't know about the SSH protocol other than to expect the "SSH-..." banner when it connects to an SSH service.
One could probably pick out the necessary pieces of code from the OpenSSH client to build a checker for this. That would be useful, because it would also eliminate the warnings that OpenSSH logs when Hobbit checks the service.
> Reason being, this morning one of my servers was hacked [...]
Ouch - whatever you find out, I'll be interested to hear about it. My server setup looks disturbingly much like yours, so if there is a new root exploit out there, I'd like to know.
Regards, Henrik
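
The host key check discussed in this message, sketched as an added example (not code from Hobbit, bbgen or OpenSSH): it pins host key fingerprints from a trusted baseline scan and flags any key that later differs. It assumes input in the `host keytype base64key` line format that `ssh-keyscan` prints; the hostnames and key blobs are constructed, and the green/yellow/red mapping is an assumption.

```python
import base64, hashlib, struct

def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keyscan(text):
    """Map (host, keytype) -> fingerprint from 'host keytype base64' lines."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip blanks, comments and malformed lines
        try:
            keys[(parts[0], parts[1])] = fingerprint(parts[2])
        except ValueError:
            continue  # key field is not valid base64: ignore the line
    return keys

def compare(baseline, current):
    """Classify each pinned or observed key: ok, changed, missing, unpinned."""
    findings = {ident: "unpinned" for ident in current.keys() - baseline.keys()}
    for ident, pinned in baseline.items():
        seen = current.get(ident)
        findings[ident] = "missing" if seen is None else "ok" if seen == pinned else "changed"
    return findings

def colour(findings):
    """Assumed mapping onto green/yellow/red status colours."""
    states = set(findings.values())
    if "changed" in states:
        return "red"
    return "yellow" if states - {"ok"} else "green"

def _blob(seed):
    """Constructed ssh-ed25519 wire-format blob; not a real host key."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed scans: db1's key differs between baseline and current.
BASELINE = f"# constructed sample\nweb1.example.com ssh-ed25519 {_blob(1)}\ndb1.example.com ssh-ed25519 {_blob(2)}\n"
CURRENT = f"web1.example.com ssh-ed25519 {_blob(1)}\ndb1.example.com ssh-ed25519 {_blob(9)}\n"

if __name__ == "__main__":
    result = compare(parse_keyscan(BASELINE), parse_keyscan(CURRENT))
    print(colour(result), result)
```

The baseline is only as trustworthy as the path it was collected over, so capture it when the host is known to be in a good state and store it where the monitored hosts cannot write.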