Re: OpenSSH Assistance - New Admin
- From: Joe Pfeiffer <pfeiffer@xxxxxxxxxxx>
- Date: Tue, 30 Sep 2008 08:39:52 -0600
Günther Schwarz <strap@xxxxxx> writes:
> Joe Pfeiffer wrote:
>> Yes, you get a warning about a possible man-in-the-middle attack
>> because the key changed.
>
> Sorry, I messed that up. You're right. But as the connection is closed
> after the warning the user has no chance to correct the error without
> verifying the new key settings with the server admin. This is a nasty
> situation in an environment where lots of people log in with ssh. Email
> is not trustworthy and snail mail is expensive. Recording the MD5 sum
> of the new public key on an answering machine might do the trick.

This is configurable with the StrictHostKeyChecking setting (and
actually, I'd forgotten that if it's set to "yes", you'll get the
behavior you described. So we were actually both right).
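
The out-of-band fingerprint check discussed in this thread, as an added example that is not part of the original messages: it computes the colon-separated MD5 fingerprint of a host public key line (MD5 over the base64-decoded key blob) and compares it with the value the admin announced. It goes slightly beyond the thread by also accepting the SHA256 form that newer OpenSSH releases print; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def parse_key_blob(pubkey_line: str) -> bytes:
    """Return the raw key blob from a '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with its own length-prefixed key type; it must
    # agree with the type named in the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match key blob")
    return blob

def md5_fingerprint(pubkey_line: str) -> str:
    """Classic fingerprint: MD5 of the blob as 16 colon-separated hex bytes."""
    digest = hashlib.md5(parse_key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(pubkey_line: str) -> str:
    """Newer form: 'SHA256:' + unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(parse_key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_announced(pubkey_line: str, announced: str) -> bool:
    """Compare the key's fingerprint with the one received out of band."""
    announced = announced.strip()
    if announced.startswith("SHA256:"):
        actual = sha256_fingerprint(pubkey_line)
    else:
        announced = announced.lower()
        if announced.startswith("md5:"):
            announced = announced[4:]
        actual = md5_fingerprint(pubkey_line)
    return hmac.compare_digest(actual.encode(), announced.encode())

def make_sample_key(seed: int) -> str:
    """Constructed ssh-ed25519 public key line (sample data, not a real host)."""
    def ssh_string(data: bytes) -> bytes:
        return struct.pack(">I", len(data)) + data
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"
```

Only when `matches_announced` returns true for the key the server now presents should the stale `known_hosts` entry be replaced.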