alt Hacker NewsYou can't really verify anything in this way. SSH is just a protocol, you're trusting the SSH server to give you a shell inside the real production environment instead of giving you a shell inside some elaborate simulation of a production environment. It's about as trustworthy as a policy page saying "we don't keep logs".
You are correct. Would need something like distributed ledger to fully prove things.
It might not be possible to verify 100% but the more transparency the better i guess. Seeing the 3 way handshake and connection information, the timings, location of the server. Would need to be quite elaborate to fake. Just thought was a fun idea. Have the customer allowed in to production. A lot more difficult then publish privacy page, source code, fake audit reports.