Stop MITM on the first SSH connection, on any VPS or cloud provider
Summary
This article presents a cloud-init-based technique for stopping man-in-the-middle (MITM) attacks on the first SSH connection to a new VM, on any VPS or cloud provider: a temporary host key is injected at boot, and the host then rotates to its long-term keys. It includes a threat model and security analysis, discusses key management, and provides implementation details and code references. It highlights provider-agnostic applicability and potential risks associated with cloud-init userdata exposure.
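The flow summarized above, as an added example that is not the article's own code: a temporary ed25519 host key is generated locally, delivered through cloud-init's `ssh_keys` setting, pinned for the first connection, and then replaced over that authenticated session. The function names, the `root` login, the use of `ssh-keygen -A` for rotation and the sample address are assumptions.

```shell
#!/bin/sh
# Added example, not the article's code. Function names, the root login and
# the rotation command are assumptions.

# Create a throwaway ed25519 host key pair at $1 and $1.pub.
gen_temp_hostkey() {
  ssh-keygen -q -t ed25519 -N '' -C temp-hostkey -f "$1"
}

# Print #cloud-config user-data installing key pair $1 / $1.pub as the host key.
# Anyone who can read the user-data learns this private key, hence the rotation.
build_userdata() {
  printf '#cloud-config\nssh_deletekeys: true\nssh_keys:\n  ed25519_private: |\n'
  sed 's/^/    /' "$1"
  printf '  ed25519_public: %s\n' "$(cat "$1.pub")"
}

# Print a known_hosts entry pinning public key file $2 to host $1.
known_hosts_line() {
  awk -v h="$1" '{ print h, $1, $2 }' "$2"
}

# Run a command on host $1, accepting only the key pinned in file $2.
pinned_ssh() {
  ps_host=$1; ps_kh=$2; shift 2
  ssh -o UserKnownHostsFile="$ps_kh" -o GlobalKnownHostsFile=/dev/null \
      -o StrictHostKeyChecking=yes "root@$ps_host" "$@"
}

# Over the pinned session: replace the host keys and print the new public keys
# as known_hosts entries for host $1. sshd must be restarted to load them.
rotate_hostkeys() {
  pinned_ssh "$1" "$2" \
    'rm -f /etc/ssh/ssh_host_*; ssh-keygen -A >/dev/null; cat /etc/ssh/ssh_host_*_key.pub' |
    awk -v h="$1" '{ print h, $1, $2 }'
}

# Typical use (203.0.113.10 is a documentation address; VM creation is
# provider-specific and not shown):
#   gen_temp_hostkey ./temp_host_key
#   build_userdata ./temp_host_key > user-data.yaml     # hand to the provider
#   known_hosts_line 203.0.113.10 ./temp_host_key.pub > kh.temp
#   rotate_hostkeys 203.0.113.10 kh.temp > kh.longterm  # then restart sshd
#   rm -f ./temp_host_key ./temp_host_key.pub kh.temp user-data.yaml
```

After rotation, later connections use `kh.longterm` with `StrictHostKeyChecking=yes`, so a copy of the temporary key recovered from the user-data no longer matches what the client accepts.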