How to correctly secure a ssh session against MITM attack?
Make sure you pay attention to the warnings about changes to the server's public key. If you get a warning like this, say "no" and check the public key fingerprint through out-of-band means; don't say "yes" unless you have verified the public key fingerprint somehow.
If you never connect to new hosts, you can set
StrictHostKeyChecking yes
in your ~/.ssh/config
configuration file (or in /etc/ssh/ssh_config
). However this may be annoying if you frequently connect to new machines.
Read the section VERIFYING HOST KEYS of the ssh man page.
Read How do RSA fingerprints protect from MITM attacks? on this site.
Use a SSH private key, not a password, to authenticate.
If you are in control of your own infrastructure, you can look into setting up ssh certificates for both hosts and users. This allows the ssh client to verify the identity of the ssh server. This may be the best solution against man-in-the-middle attacks, as it eliminates the need for users to check fingerprints carefully. Realistically, many users probably won't bother to check, so ssh certificates may be a more usable and more reliable defense.
Always authenticate with public keys (better yet, turn off password authentication entirely in /etc/ssh/sshd_config
), this should thwart any MITM attack against OpenSSH.
Here is a short explanation that goes into more detail: http://www.gremwell.com/ssh-mitm-public-key-authentication