openssh bugs - Jan 2008 - [Bug 1426] New: ssh key verification hint (on remote side)

https://bugzilla.mindrot.org/show_bug.cgi?id=1426

           Summary: ssh key verification hint (on remote side)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: js at lastlog.de


everyone has seen the lines attached to this bug report. 

please add a note to that warning how i can list all fingerprints
"FROM" and "ON" the remote side so that i could see what is
going on.
say i have another ssh session still running so i would not have to
accept the new host key first.

the line could look like this:
******************* <please add this to the warning>
*******************
You can verify your fingerprint on the remote side with:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
(in case your keys are stored somewhere else, adapt the path) 

If the fingerprint from the remote side and the one your client states
to be new match there is no 'man in the middle attack' going on and you
can safely accept the new fingerprint on the client side with 'yes'.
******************* </please add this to the warning>
*******************

====== attachment =================
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [domain]:port has changed,
and the key for the according IP address [ip.ip.ip.ip]:port
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:...
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this
message.
Offending key in /home/user/.ssh/known_hosts:15
RSA host key for [domain]:port has changed and you have requested
strict checking.
Host key verification failed.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1426


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX
                 CC|                            |djm at mindrot.org




--- Comment #1 from Damien Miller <djm at mindrot.org>  2008-01-20
06:35:25 ---
Sorry, but I think the warning is long enough already and it already
suggests the preferred way to avoid the warning (copy the actual
pubkey).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1426


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED                      




--- Comment #2 from Damien Miller <djm at mindrot.org>  2008-04-04
10:02:07 ---
Close resolved bugs after release.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.