bugzilla-daemon at bugzilla.mindrot.org
2008-Jan-04 17:45 UTC
[Bug 1426] New: ssh key verification hint (on remote side)
https://bugzilla.mindrot.org/show_bug.cgi?id=1426
Summary: ssh key verification hint (on remote side)
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: js at lastlog.de
Everyone has seen the lines attached to this bug report.
Please add a note to that warning on how I can list all fingerprints
"FROM" and "ON" the remote side so that I could see what is
going on.
Say I have another ssh session still running, so I would not have to
accept the new host key first.
The line could look like this:
******************* <please add this to the warning> *******************
You can verify your fingerprint on the remote side with:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
(in case your keys are stored somewhere else, adapt the path)
If the fingerprint from the remote side and the one your client states
to be new match there is no 'man in the middle attack' going on and you
can safely accept the new fingerprint on the client side with 'yes'.
******************* </please add this to the warning> *******************
====== attachment =================
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [domain]:port has changed,
and the key for the according IP address [ip.ip.ip.ip]:port
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:...
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this
message.
Offending key in /home/user/.ssh/known_hosts:15
RSA host key for [domain]:port has changed and you have requested
strict checking.
Host key verification failed.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
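The comparison the report asks users to make by eye, as an added example that is not part of the original report or of OpenSSH: it computes both fingerprint forms from a host's public key line (the contents of the `.pub` file beside the host key) and checks them against the fingerprint the client printed. The function names are hypothetical and the sample key is constructed; the colon-separated form in the warning is the MD5 fingerprint, and the hash is taken over the same key blob for every key type.

```python
import base64, hashlib, hmac, struct

def parse_pubkey_line(line):
    """Split a 'type base64 [comment]' public key line into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprints(blob):
    """Return both fingerprint forms of a public key blob."""
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches(reported, pubkey_line):
    """True if the fingerprint the client printed belongs to pubkey_line."""
    _, blob = parse_pubkey_line(pubkey_line)
    fp = fingerprints(blob)
    reported = reported.strip()
    if reported.startswith("SHA256:"):
        expected = fp["sha256"]          # base64 is case-sensitive
    else:
        if reported[:4].upper() == "MD5:":
            reported = reported[4:]
        reported, expected = reported.lower(), fp["md5"]
    return hmac.compare_digest(reported.encode(), expected.encode())

def sample_line(seed):
    """Constructed ssh-ed25519 key line for the demo; not a real host key."""
    key = hashlib.sha256(seed).digest()  # 32 arbitrary bytes
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    server = sample_line(b"server")
    shown = fingerprints(parse_pubkey_line(server)[1])["md5"]
    print(shown, matches(shown, server), matches(shown, sample_line(b"other")))
```

The check is only meaningful when the public key line was obtained over a channel other than the connection that triggered the warning, such as the already-open session the report mentions.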
bugzilla-daemon at bugzilla.mindrot.org
2008-Jan-19 19:35 UTC
[Bug 1426] ssh key verification hint (on remote side)
https://bugzilla.mindrot.org/show_bug.cgi?id=1426
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> 2008-01-20 06:35:25 ---
Sorry, but I think the warning is long enough already and it already
suggests the preferred way to avoid the warning (copy the actual
pubkey).
bugzilla-daemon at bugzilla.mindrot.org
2008-Apr-03 23:02 UTC
[Bug 1426] ssh key verification hint (on remote side)
https://bugzilla.mindrot.org/show_bug.cgi?id=1426
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2008-04-04 10:02:07 ---
Close resolved bugs after release.