Peter Moser wrote:
> The problem is now, that I do not know if the server has simply been
> reloaded on another instance (with a different fingerprint), or someone
> is spoofing
> Should I just turn strict host key checking off on my client, since the
> sftp server contains solely data to be downloaded and processed?

The question is, is it important to know if you are downloading the data
from a certain host?
If that is the case, then keep StrictHostKeyChecking on and fail as
noisily as possible to prompt manual intervention (depending on the
frequency of re-installations).
If not, then you need to validate the data (or its origin) somehow,
and security and automation will always be in conflict to some extent.

> Or, is there another idea how to solve it?

Depends on your security needs, really. Some that come to mind:
- when redeploying the AWS (via chef/puppet/ansible/cms-of-the-day, I
  presume) then install a well-known SSH key for the host, rather than
  have it autogenerated by sshd on the first start.
- store the fingerprint in the SSHFP DNS record and experiment with the
  VerifyHostKeyDNS option (brittle and overkill, IMHO, but might work
- download over HTTPS, if you don't care about host authentication.
- download over HTTPS + X.509 if you do care about host and user
- separate download and authentication: download from cani-e-porci.com
  but process the data only if it was correctly signed by a well-known
  PGP key, for example.
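
For the first two options in the list above (a well-known host key, or its fingerprint published as SSHFP), an added example that is not part of the original message: it derives the fingerprint to pin and the SSHFP record from a host public key line, and shows a replaced key failing the pin check. The hostname and both key lines are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); fingerprint type 2 is SHA-256.
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}

def parse_pubkey(line):
    """Return (key_type, blob) from an OpenSSH public key line (*.pub format)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own length-prefixed type string; it must agree.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the key blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form 'ssh-keygen -l' prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_record(hostname, key_type, blob):
    """SSHFP resource record for use with VerifyHostKeyDNS."""
    return "%s IN SSHFP %d 2 %s" % (
        hostname, SSHFP_ALGO[key_type], hashlib.sha256(blob).hexdigest())

def check_host_key(presented_line, pinned_fp):
    """True only if the presented host key matches the pinned fingerprint."""
    _, blob = parse_pubkey(presented_line)
    return hmac.compare_digest(fingerprint(blob), pinned_fp)

def make_ed25519_line(raw32, comment="constructed-example"):
    """Build a syntactically valid ssh-ed25519 key line from 32 raw bytes."""
    parts = (b"ssh-ed25519", raw32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample keys, not real host keys.
OLD_KEY = make_ed25519_line(bytes(range(32)))     # key installed by the deployment
NEW_KEY = make_ed25519_line(bytes(range(1, 33)))  # key autogenerated after a reload
PINNED = fingerprint(parse_pubkey(OLD_KEY)[1])

if __name__ == "__main__":
    print(sshfp_record("sftp.example.com", *parse_pubkey(OLD_KEY)))
    print("same key:", check_host_key(OLD_KEY, PINNED))
    print("replaced key:", check_host_key(NEW_KEY, PINNED))
```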