[Bug 1426] New: ssh key verification hint (on remote side)

bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 5 04:45:42 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1426

           Summary: ssh key verification hint (on remote side)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: js at lastlog.de


Everyone has seen the lines attached to this bug report.

Please add a note to that warning on how I can list all fingerprints
"FROM" and "ON" the remote side so that I could see what is going on.
Say I have another ssh session still running, so I would not have to
accept the new host key first.

The line could look like this:
******************* <please add this to the warning> *******************
You can verify your fingerprint on the remote side with:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
(in case your keys are stored somewhere else, adapt the path)

If the fingerprint from the remote side and the one your client states
to be new match, there is no 'man in the middle attack' going on and you
can safely accept the new fingerprint on the client side with 'yes'.
******************* </please add this to the warning> *******************

====== attachment ==================

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [domain]:port has changed,
and the key for the according IP address [ip.ip.ip.ip]:port
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:...
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this
message.
Offending key in /home/user/.ssh/known_hosts:15
RSA host key for [domain]:port has changed and you have requested
strict checking.
Host key verification failed.

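The comparison requested in the report, as an added example that is not part of the bug report or of OpenSSH: it derives the fingerprint from a host public key line (such as the contents of a host key's .pub file read over the already-open session) and checks it against the string the client printed. The colon-separated hex form in the warning is the MD5 digest of the decoded key blob; newer OpenSSH releases print a SHA256 form, which is handled as well. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def constructed_pubkey_line(tweak: int = 0) -> str:
    """Constructed sample in .pub layout (not a usable RSA key)."""
    e = (65537).to_bytes(3, "big")
    n = b"\x00\xff" + bytes([tweak]) * 127  # leading zero keeps the mpint positive
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(e) + _ssh_string(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (colon hex) and SHA256 (base64) fingerprints of a key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key-type string; reject a mismatched line.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != key_type.encode("ascii"):
        raise ValueError("key type field does not match the encoded blob")
    md5_hex = hashlib.md5(blob).hexdigest()
    sha_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha_b64,
    }


def matches(client_reported: str, pubkey_line: str) -> bool:
    """True if the fingerprint the client printed belongs to this host key."""
    reported = client_reported.strip()
    fps = fingerprints(pubkey_line)
    if reported.startswith("SHA256:"):
        return reported == fps["sha256"]  # base64 is case-sensitive
    if reported.upper().startswith("MD5:"):
        reported = reported[4:]
    return reported.lower() == fps["md5"]


if __name__ == "__main__":
    line = constructed_pubkey_line()
    print(fingerprints(line))
    print("match:", matches(fingerprints(line)["md5"], line))
```

The result is only as trustworthy as the channel the public key line was read over, which is why the report assumes a session that was established before the warning appeared.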