Sensor -- SSH/SFTP Device Public Key (or Key Hash)




User story

There are times where an SSH or SFTP server is important to infrastructure. Normally such SSH/SFTP servers are TOFU (Trust On First Use). It would be great if PRTG could periodically check the public key provided by an SSH/SFTP server and alert if changes occurred, which could signal a security breach.

Details of user story

The already existing TLS/SSL certificates are not sufficient for this use as OpenSSH does not use such key formats. Instead, it uses a different key format which is defined in RFC4716.

Acceptance criteria

  • Sensor called something like "SSH/SFTP Device Public Key"
  • Sensor settings which would define the expected MD5 or SHA256 hash(es) for the public key used by the device
  • Sensor has the standard timeout/port options
  • A channel for the device's public key hash which tracks whether or not it has changed, and gives the PRTG administrators the option of what to do if it changes (Warning/Alert options, reset conditions if any)
  • I do believe OpenSSH keys also implement their own chain of trust similar to that of x.509 formats. It would be even better to have an option to set a setting (both on the sensor and on parent groups) as to what public key hash(es) are allowed to be trusted (analogous to a root CA in x509).



add-sensor hash key openssh prtg-kbtracker public sftp ssh

Created on Oct 6, 2021 2:18:44 PM by  wcu_je (0) 1
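A sketch of the check this request describes, as an added example that is not part of the original post and is not PRTG code: it computes the SHA256 and MD5 hashes of each host key offered by a server and compares them with a pinned set. It assumes key lines in the `host keytype base64` form that `ssh-keyscan` prints; the function names, the sample key and the PRTG custom-sensor JSON shape are assumptions.

```python
import base64, hashlib, json, struct

def ssh_string(data):
    """Length-prefixed byte string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def fingerprints(line):
    """Parse one 'host keytype base64' line; return (keytype, sha256_fp, md5_fp)."""
    _host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The blob embeds its own algorithm name; reject lines where it disagrees.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return key_type, "SHA256:" + sha, "MD5:" + md5

def check_host_key(lines, pinned):
    """Return (ok, message); ok only if every offered key has a pinned hash."""
    seen, unknown = 0, []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        try:
            key_type, sha, md5 = fingerprints(line)
        except (ValueError, struct.error) as exc:
            return False, "unparseable host key line: %s" % exc
        seen += 1
        if sha not in pinned and md5 not in pinned:
            unknown.append("%s %s" % (key_type, sha))
    if seen == 0:
        return False, "no host key received"
    if unknown:
        return False, "host key changed: " + ", ".join(unknown)
    return True, "%d host key(s) match the pinned hashes" % seen

def prtg_result(ok, message):
    # Assumption: JSON shape of a PRTG custom (EXE/Script Advanced) sensor result.
    channel = {"channel": "Host key matches", "value": int(ok)}
    return json.dumps({"prtg": {"result": [channel], "text": message}})

# Constructed sample, not a real host key: ed25519 blob with key bytes 0..31.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "sftp.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    _, pinned_sha, _ = fingerprints(SAMPLE_LINE)
    print(prtg_result(*check_host_key([SAMPLE_LINE], {pinned_sha})))
```

A missing or unparseable key is reported as a failure rather than a pass, so a server that stops answering does not look like an unchanged key.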

