Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jwilk
on March 24, 2023
|
parent
|
context
|
favorite
| on:
We updated our RSA SSH host key
> it should ask if you want to add the new key to the known hosts
But how do you know it's the right key?
masklinn
on March 24, 2023
[–]
By comparing the fingerprint to a trusted source, which the snippet above doesn't do. And if you trust that the https source will lead you to the correct github, you can trivially check the fingerprint against what github publishes.
cprecioso
on March 24, 2023
|
parent
[–]
You’d be pressed to find someone who doesn’t trust the https source. So… you’d do manually what the snippet does?
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
But how do you know it's the right key?