tofu

Initialize a new or existing OpenTofu configuration

$ tofu init

$ tofu validate

$ tofu fmt

$ tofu plan

$ tofu apply

$ tofu destroy

tofu [-v] [-q] [-H ] [-f] [-m ] [[:]]

-v
    Verbose mode. Increases the level of verbosity.

-q
    Quiet mode. Suppresses most output.

-H
    Specify an alternative known_hosts file.

-f
    Force trust. Bypass key checking and always accept the key. Use with caution!

-m
    Specify the hash method to use for fingerprint generation. Supported options include sha256 or md5. Defaults to sha256.

[:]
    The hostname (and optional port) of the server to connect to.

tofu is a security tool, primarily used in SSH key management, designed to facilitate the initial trust establishment of cryptographic keys. It addresses the vulnerability of man-in-the-middle attacks during the first connection to a remote server.

tofu implements the "Trust On First Use" principle. When connecting to a server for the first time, it stores the server's public key. Subsequent connections are verified against this stored key. If the key changes, tofu alerts the user, indicating a potential security risk. This system allows users to accept the key fingerprint the first time they connect and then be warned if the key changes subsequently, requiring manual verification. tofu aims to provide an easier user experience by eliminating the manual key verification process, while still guarding against malicious activity.

The effectiveness of tofu relies on the assumption that the initial connection is secure. If the first connection is compromised, the stored key will be malicious, and subsequent checks will be ineffective.

While tofu offers enhanced security compared to blindly accepting any key, it's crucial to understand its limitations. It doesn't provide protection against all possible attacks, especially if the initial connection is compromised. Regular security audits and proactive key management practices are still necessary.

ssh(1), ssh-keygen(1), ssh-keyscan(1)