[Bug 1662] New: Avoidable man-in-the-middle attack warnings

bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 21 18:10:55 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1662

           Summary: Avoidable man-in-the-middle attack warnings
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: t-om at nic.fi


Created an attachment (id=1702)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1702)
Sample session capture (names changed)

When running one or more virtual machines within one host machine, each
virtual machine listening for ssh connections on different TCP ports of
the host machine, and one tries to connect with ssh to these virtual
machines or the host running them (a target other than the one whose
identification information was previously saved to known_hosts on the
source), ssh complains about a possible man-in-the-middle attack
(WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!).

This could possibly be avoided if the port number was included in the
identification information of a host in known_hosts.

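The collision described in the report, as an added example that is not part of the original report and not OpenSSH code: a simplified model of known_hosts lookup keyed by host name only versus by host and port. The bracketed `[host]:port` entry form is the one later OpenSSH releases write for non-default ports; the host name, ports and key strings are constructed, and hashed names and marker lines are not handled.

```python
# Simplified model of known_hosts lookup; an illustration, not OpenSSH code.
# Host name, ports and key strings are constructed sample values.

def entry_name(host, port, port_aware):
    """Name under which a host key is stored and looked up."""
    if port_aware and port != 22:
        return f"[{host}]:{port}"  # bracketed form for non-default ports
    return host                    # host-only form: the port is ignored

def parse_known_hosts(text):
    """Map each plain (unhashed) name to its set of (keytype, key) pairs."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, keytype, key = line.split()[:3]
        for name in names.split(","):
            table.setdefault(name, set()).add((keytype, key))
    return table

def check(table, host, port, keytype, key, port_aware):
    """Return 'ok', 'unknown', or 'changed' (the case that raises the warning)."""
    known = table.get(entry_name(host, port, port_aware))
    if not known:
        return "unknown"
    return "ok" if (keytype, key) in known else "changed"

HOST_ONLY = "vmhost.example ssh-rsa AAAAHOSTKEY\n"
PORT_AWARE = HOST_ONLY + "[vmhost.example]:2201 ssh-rsa AAAAGUEST1KEY\n"

def demo():
    old, new = parse_known_hosts(HOST_ONLY), parse_known_hosts(PORT_AWARE)
    guest = ("vmhost.example", 2201, "ssh-rsa", "AAAAGUEST1KEY")
    return {
        # Guest VM on port 2201 is compared against the host's key: false alarm.
        "host_only_guest": check(old, *guest, port_aware=False),
        # Same connection with per-port entries: the guest's own key matches.
        "port_aware_guest": check(new, *guest, port_aware=True),
        # The host itself on port 22 still matches its plain entry.
        "port_aware_host": check(new, "vmhost.example", 22, "ssh-rsa", "AAAAHOSTKEY", True),
        # A second guest on another port is simply unknown, not "changed".
        "port_aware_new_guest": check(new, "vmhost.example", 2202, "ssh-rsa", "AAAAGUEST2KEY", True),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```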