[TriLUG] Semi-OT: Detecting HTTPS inspection? Does that compromise SSH?

Brian lugmail at cheetah.dynip.com
Mon Jun 2 17:05:50 EDT 2014


On 6/2/2014 4:42 PM, matt at noway2.thruhere.net wrote:
> With SSH, I assume you established the original connection outside of your
> company (suspect) network?  This would have caused the fingerprint hash of
> the SSH server to be stored in the client.  If the certificate were forged
> or altered you would get a very prominent message about an altered
> fingerprint asking you if you wish to trust it.
>
> In other words, as long as you didn't create the initial connection and
> accept a fingerprint that could have been compromised then I seriously
> doubt that they can decrypt your SSH traffic.  If you did, then you should
> be getting warnings if you try to connect via SSH when you're NOT behind
> their MITM proxy.
>

What I did was remove the entry from PuTTY's known-hosts cache and 
reconnect, then observe that the RSA fingerprint PuTTY showed me for the 
now-untrusted connection matched the fingerprint I got when I used 
ssh-keygen -l to list the fingerprint on the server.

So I think I'm relatively safe on that front, at least.  I may have to 
stop doing any online banking from the office, though.

Thanks!
~B
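
The comparison described in the message above, as an added example that is not part of the original post: it recomputes from a host's public key line the fingerprint that ssh-keygen -l reports (MD5 colon-hex, the form 2014-era OpenSSH and PuTTY displayed, plus the newer SHA256 form) and checks it against what the client shows. The helper names and the sample key are constructed for illustration; the sample is a well-formed 2048-bit ssh-rsa blob, not a usable key.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data          # uint32 length prefix

def mpint(n: int) -> bytes:
    # SSH mpint: big-endian, with a leading zero byte when the high bit is set
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_rsa_pub(e: int, n: int, comment: str = "constructed@example") -> str:
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def read_fields(blob: bytes) -> list:
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + size])
        off += size
    return fields

def fingerprints(pub_line: str) -> dict:
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    if fields[0].decode("ascii") != key_type:
        raise ValueError("key type label does not match blob")
    md5 = hashlib.md5(blob).hexdigest()
    out = {"type": key_type,
           "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
           "sha256": "SHA256:" + base64.b64encode(
               hashlib.sha256(blob).digest()).decode().rstrip("=")}
    if key_type == "ssh-rsa":                            # fields: type, e, n
        out["bits"] = int.from_bytes(fields[2], "big").bit_length()
    return out

def matches(pub_line: str, shown: str) -> bool:
    parts = shown.split()                                # tolerate "ssh-rsa 2048 <fp>"
    if not parts:
        return False
    fp, token = fingerprints(pub_line), parts[-1]
    if token.startswith("SHA256:"):
        return token == fp["sha256"]                     # base64 is case-sensitive
    token = token.lower()
    return (token[4:] if token.startswith("md5:") else token) == fp["md5"]

# Constructed sample input: well-formed blob, not a real RSA modulus.
SAMPLE_PUB = build_rsa_pub(65537, (1 << 2047) | 0x10001)
```

Feed `matches` the contents of the server's host public key file and the string the client displays before the key is accepted; a mismatch means the key presented on the wire is not the one on the server.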


