SSH has solution for that forever too, server certs. Server cert change or (if y... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		adql on Nov 22, 2022 \| parent \| context \| favorite \| on: CVE-2022-41924 – tailscaled can be used to remotel... SSH has solution for that forever too, server certs. Server cert change or (if you're fancy) is not signed by right CA and you get an alert.

amluto on Nov 22, 2022 [–]

Server certs are a different issue. If OpenSSH, by default, sent SHA256(logged in user’s password) to the server, even after verifying the cert, it would get laughed out of the toolbox of security-conscious users.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact