0

I am trying to connect to a server. I connect to it and add a file or two then disconnect. I just got this message when connecting on a new machine:

The authenticity of host 'mytestingserver.com (111.22.129.1)' can't be established.
Are you sure you want to continue connecting (yes/no)? 

If I hit yes I can do my normal tasks. However, are there any dangers such as:

Will saying yes allow this server to connect back to my computer and cause me harm?

I am aware of this post, in which it says that "No one without the private key corresponding to fingerprint 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 can decode what you send."

I don't care about what I send, I am just afraid something might creep back into my computer through that connection.

J_Strauton

2 Answers

2

Will saying yes allow this server to connect back to my computer and cause me harm?

Generally, no. Why would it? Much like visiting any random website, there is nothing that implicitly opens some kind of backdoor for it to visit back.

(Of course, there's a possibility that the ssh client could have a bug that makes this possible, and such bugs are discovered frequently in web browsers, but ssh is tiny in comparison and so its client code has been carefully reviewed over time.)

I don't care about what I send

You're sending your password, for one, and the various files that you mentioned earlier.

MITM attacks aren't that frequent in practice, but not too hard to perform for someone using the same LAN or working at your ISP, either, so it's wise to guard against them, because an attacker wouldn't merely receive the data, but could also use it against you, e.g. connect to your server with your password and destroy things.

(Remember Firesheep? Most people wouldn't say they send anything secret to Facebook either, but at the same time, nobody likes it when someone finds out their password. So HTTPS servers also have their own keys that must be verified; web browsers just use "certificate authorities" instead of asking every user.)

I am just afraid something might creep back into my computer through that connection.

The only way the server could control the client is if the client had such a feature (ssh doesn't) or a bug that made it possible (ssh doesn't, though web browsers frequently do).

That said, some other remote connection tools, such as Remote Desktop in Windows, do have features that would let the server access files kept on the client computer, but those have to be enabled manually, and a warning message is shown that explicitly mentions everything that the server could do.

u1686_grawity
1

@grawity is correct - this does not create a channel that someone can get back into your system.

The purpose of that warning is to prevent a Man In the Middle Attack, i.e. another computer pretending to be the server to you and you to the server.

If you have not connected to the server before, it's probably OK to connect (not guaranteed, and across some borders it will be MITM'd by the government, so it depends on whether you are concerned about that). BUT IF THIS SUDDENLY POPS UP WHEN YOU HAVE CONNECTED TO THE SYSTEM BEFORE, AND YOU DON'T KNOW OF A CHANGE WHICH WOULD HAVE CAUSED THIS (like a reinstall of the server or recreating SSH keys), don't connect.

If you are using public/private keys the remote site can't get your password as it's not sent.

davidgo
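
The distinction both answers draw (a host seen for the first time versus a known host whose key has changed) can be shown as an added example, which is not part of either answer and not OpenSSH's own code. It assumes unhashed `known_hosts` entries; the function names and the keys are constructed for illustration, and the fingerprints are computed in both the colon-separated MD5 form quoted in the question and the SHA256 form.

```python
import base64
import hashlib
import struct

def constructed_key(fill):
    """Build a fake ssh-ed25519 public key blob (constructed sample, not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha_fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, sha_fp

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Classify an offered host key as 'match', 'changed' or 'unknown'."""
    host_seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Assumption for brevity: skip comments, @markers and hashed (|1|...) entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        names, stored_type, stored_key = fields[:3]
        if host in names.split(",") and stored_type == key_type:
            if stored_key == key_b64:
                return "match"      # same key as before: no prompt
            host_seen = True        # host is known, but under a different key
    # 'changed': known host, new key -> stop and find out why before connecting.
    # 'unknown': first contact -> compare the fingerprint out of band before "yes".
    return "changed" if host_seen else "unknown"

# Constructed known_hosts content for the host named in the question.
KNOWN_HOSTS = ("# constructed sample\n"
               "mytestingserver.com,111.22.129.1 ssh-ed25519 " + constructed_key(1) + "\n")

if __name__ == "__main__":
    cases = [("same key", "mytestingserver.com", constructed_key(1)),
             ("different key", "mytestingserver.com", constructed_key(2)),
             ("new host", "other.example", constructed_key(1))]
    for label, host, key in cases:
        verdict = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(label, verdict, *fingerprints(key))
```

On first contact, the fingerprint to compare is one obtained from the server's administrator or console, not from the same network connection.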