Re: OpenSSH Assistance - New Admin
- From: Sealg <sealgair03@xxxxxxxxx>
- Date: Tue, 30 Sep 2008 10:28:13 -0700 (PDT)
On Sep 30, 10:39 am, Joe Pfeiffer <pfeif...@xxxxxxxxxxx> wrote:
> Günther Schwarz <st...@xxxxxx> writes:
>> Joe Pfeiffer wrote:
>>> Yes, you get a warning about a possible man-in-the-middle attack
>>> because the key changed.
>>
>> Sorry, I messed that up. You're right. But as the connection is closed
>> after the warning the user has no chance to correct the error without
>> verifying the new key settings with the server admin. This is a nasty
>> situation in an environment where lots of people log in with ssh. Email
>> is not trustworthy and snail mail is expensive. Recording the MD5 sum
>> of the new public key on an answering machine might do the trick.
>
> This is configurable with the StrictHostKeyChecking setting (and
> actually, I'd forgotten that if it's set to "yes", you'll get the
> behavior you described. So we were actually both right).

It was the keys. I got it straightened out.
Thanks folks
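
The out-of-band check discussed in the thread (comparing a changed host key against a fingerprint announced by the admin) can be sketched as follows. This is an added example, not part of the original posts; the function names are hypothetical and the key is a constructed sample, not a real host key.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def make_sample_key_line(seed: bytes) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@example"


def fingerprints(pubkey_line: str) -> dict:
    """Fingerprints of a 'type base64 comment' line, in the formats OpenSSH prints."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    md5_hex = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": md5, "sha256": "SHA256:" + sha256}


def key_matches(pubkey_line: str, announced: str) -> bool:
    """True if the offered key matches the fingerprint received out of band."""
    fp = fingerprints(pubkey_line)
    announced = announced.strip()
    if announced.upper().startswith("MD5:"):
        announced = announced[4:]
    if announced.startswith("SHA256:"):
        return fp["sha256"] == announced
    return fp["md5"] == announced.lower()


if __name__ == "__main__":
    new_key = make_sample_key_line(b"new host key")   # key the server now offers
    stale_key = make_sample_key_line(b"old host key")  # any other key
    announced = fingerprints(new_key)["md5"]           # value read out by the admin
    print("announced fingerprint:", announced)
    print("offered key matches:  ", key_matches(new_key, announced))
    print("other key matches:    ", key_matches(stale_key, announced))
```

Only after the fingerprint matches should the old known_hosts entry be replaced with the new key.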