Today, I learned a bit more about the SSH (Secure Shell) program, specifically about an option flag called StrictHostKeyChecking, which plays an important role from a security standpoint.
When set to yes, the SSH client verifies the host’s key (server identifier) to ensure that no DNS spoofing has occurred. If the host key doesn’t match, the client raises a “host key verification failed” error.
When set to no, the known hosts verification isn’t done, which can make the client vulnerable to a Man-in-the-Middle (MITM) attack.
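An added example (not from the original post): a small Python check that scans ssh_config text for StrictHostKeyChecking set to no or off, which ssh treats the same way, and reports the Host block each one applies to. The sample configuration and its host names are constructed.

```python
import re

# ssh_config values that let a connection proceed when the host key is unknown or changed.
WEAK_VALUES = {"no", "off"}
# An option line is either "Keyword value" or "Keyword=value".
OPTION_RE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")

def audit_ssh_config(text):
    """Return (line_number, scope, value) for every weak StrictHostKeyChecking line."""
    findings = []
    scope = "*"  # options before the first Host/Match block apply to all hosts
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = OPTION_RE.match(line)
        if not match:
            continue
        keyword = match.group(1).lower()  # keywords are case-insensitive
        value = match.group(2).strip().strip('"')  # arguments may be double-quoted
        if keyword in ("host", "match"):
            scope = value if keyword == "host" else "Match " + value
        elif keyword == "stricthostkeychecking" and value.lower() in WEAK_VALUES:
            findings.append((number, scope, value))
    return findings

# Constructed sample configuration; host names are placeholders.
SAMPLE_CONFIG = """\
Host lab-*.example.test
    StrictHostKeyChecking=no

Host bastion.example.test
    User deploy
    stricthostkeychecking "off"

Host git.example.test
    StrictHostKeyChecking accept-new

# defaults go last because ssh uses the first value it obtains
Host *
    StrictHostKeyChecking yes
"""

if __name__ == "__main__":
    for number, scope, value in audit_ssh_config(SAMPLE_CONFIG):
        print(f"line {number}: StrictHostKeyChecking {value} applies to {scope}")
```

Because ssh uses the first value it obtains for each option, a weak setting in a specific Host block takes effect even when a later `Host *` block sets yes.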
Once the server is authenticated, the actual data exchange is encrypted with keys agreed upon through a key exchange such as Diffie-Hellman.
SSH connections happen over port 22 by default, while Telnet, which is similar but sends everything in plain text, uses port 23. Telnet should be used inside local networks where there is confidence that external bad actors cannot be involved. All remote logins through the public internet should be done via SSH instead.
I found this write-up very useful while revising SSH in general.