There are times where an SSH or SFTP server is important to infrastructure. Normally such SSH/SFTP servers are TOFU (Trust On First Use). It would be great if PRTG could periodically check the public key provided by an SSH/SFTP server and alert if changes occurred, which could signal a security breach.
Details of user story
The already existing TLS/SSL certificates are not sufficient for this use, as OpenSSH does not use such key formats. Instead, it uses a different key format, which is defined in RFC 4716.
- Sensor called something like "SSH/SFTP Device Public Key"
- Sensor settings which would define the expected MD5 or SHA256 hash(es) for the public key used by the device
- Sensor has the standard timeout/port options
- A channel for the device's public key hash which tracks whether or not it has changed, and gives the PRTG administrators the option of what to do if it changes (Warning/Alert options, reset conditions if any)
- I do believe OpenSSH keys also implement their own chain of trust similar to that of X.509 formats. It would be even better to have an option to set a setting (both on the sensor and on parent groups) as to what public key hash(es) are allowed to be trusted (analogous to a root CA in X.509).
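
The fingerprint comparison this request describes, as an added example (not part of the original post and not PRTG code): it takes one `ssh-keyscan`-style line, computes the SHA256 and MD5 fingerprints in the form `ssh-keygen -l` prints, and compares them against a trusted set. The host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def make_line(host, key_type, raw_key):
    """Build an ssh-keyscan style line: 'host keytype base64(blob)'."""
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


# Constructed sample input: dummy key bytes, not a real server key.
SAMPLE_LINE = make_line("sftp.example.internal", "ssh-ed25519", bytes(range(32)))


def parse_key_line(line):
    """Split the line and check the type embedded in the blob matches."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match declared type")
    return host, key_type, blob


def fingerprints(blob):
    """Return (SHA256, MD5) fingerprints of the raw public key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    return "SHA256:" + sha, "MD5:" + md5


def check_host_key(line, trusted):
    """Report 'ok' if either fingerprint is in the trusted set, else 'changed'."""
    host, key_type, blob = parse_key_line(line)
    sha, md5 = fingerprints(blob)
    status = "ok" if (sha in trusted or md5 in trusted) else "changed"
    return {"host": host, "key_type": key_type,
            "sha256": sha, "md5": md5, "status": status}
```

In a monitoring script the input line would come from `ssh-keyscan` output for the device, and the trusted set from the sensor's configured hash(es).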