Monkeysphere (advice from maxigas) "verify your SSH key through the OpenPGP web of trust" Strength: OpenPGP is cool if you REALLY know how to use it. Weakness: "vote counting scheme" does not sound too cool. "use of an organization's own HTTPS site" (advice from Stephanie Daugherty) In my personal opinion, this is the best solution. Weakness: basically nothing - it's very secure. "use DNSSEC to validate SSH fingerprints" (advice from Micha Borrmann / Jeroen van der Ham / john) This is a good solution. Weakness: HTTPS is more mature than DNSSEC(in my personal opinion). "ssh-keyscan -p 22 domain.com ..." (advice from Busindre) It's the same as running "ssh" directly. Check SSH(https://checkssh.com/) (we made it) Strength: this definitely stops ALL local bad boys. Weakness: While it's open source(and source code is less than 100 lines)... We simply won't give you root password of the server(you don't own the server). If adversary is EXTREMELY powerful: It's better to set up your own Check SSH. Best Wishes,
