I am no expert in network security, so pardon if this question is not

Question

0

Asked: May 18, 20262026-05-18T20:00:20+00:00 2026-05-18T20:00:20+00:00

I am no expert in network security, so pardon if this question is not

0

I am no expert in network security, so pardon if this question is not very smart :).
I am automating logins to some machines using ssh. I am currently avoiding host-key warnings using StrictHostKeyChecking no.
I naively understand that someone can impersonate as the server and I risk losing my password to him if that were the case. However, if I am using only public/private Key based authentication ( using PasswordAuthentication no ), can the intruder still cause harm?

So basically, with ssh -o "StrictHostKeyChecking no" -o "PasswordAuthentication no" :

1) Can the intruder decipher my private key?

2) Are there any other security threats?

regards,

JP

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-18T20:00:21+00:00

No. Or atleast… not directly. Since you never send your private key, the key will be safe. That doesn’t mean that the person that is executing the MITM attack can’t execute commands and/or read the output you’re getting.
Yes, there are other risks. If the person executing the MITM attack forwards the data to the correct server than it might be possible to use your private key to execute commands on the machine you were trying to access.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am no expert in network security, so pardon if this question is not

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply