Let me ask you this, why does ssh when you connect to a server for the first time ask whether you trust the host then adds that servers info to your known hosts?

I’d recommend using sftp over ssh

Yes that’s for the server to know who you are. Not for you to prove the the server’s authenticity

A hacker would need the /etc/shadow if your server

The hacker would need to intercept your initial call to the ssh server you are trying to connect to, then put his own ssh in between and let you connect there as yourself. Given that he has your public key. Which based on the name is not super hard to get)

Same way that say ssl tls works. When you go to Facebook.com without tls and certs there is no way to know that you are really on Facebook

He doesn’t even need your public key, i guess but anyways maybe I’m talking nonsense))

Again the whole transaction is secure the initial connection is the key exchange

And the /etc/shadow file is crucial

To copy over you need a local account on the box you are connecting to

And to capture tge ssl/tls traffic to decrypt get both keys you’d need quick timing it’s a bit more difficult and if the hacker doesn’t have your hashed password it won’t work

I can create a local account for you on the fly with whatever account you are connecting and pretend that you are on your home directory in the server you think you should be on

No you cant

You would need my password

I disagree. let me ask you this, why does ssh when you connect to a server for the first time ask whether you trust the host then adds that servers info to your known hosts?)

Because it generates a key

You would still need my password from the other server

And you’d need to delete the local hosts file on my machine fir your idea to work

What do you mean?

A trust between you and the remote server

I’m specifically asking why it prompts you whether you trust the server or not

If you are trying to connect then obviously you trust it

And who would put no I don’t trust this

Everyone just presses enter)

But if you connect to a server copying yours the known hosts file wouldn’t let you connevt

Nope. Because you say you trust it. This is deep dude

For the initial connection it can’t save you.

Yep and even afterwards the hacker can still try

Because let’s say you correctly connected to smth

But then he puts an ssh server in between.

Yes install a server then reinstall keep your sane ip and known hosts file and you’ll get an error

It will prompt you if you trust it again. And you might by default click enter and not notice

Have a read https://stackoverflow.com/questions/20840012/ssh-remote-host-identification-has-changed

In order to connect you’d need to delete the entry in the known_host file because they don’t match.

This is better ofc. But again as Ryder said this is not for the very first time

Which is why ssh puts the trust on you. And asks if you trust the server