Key authenticity warning suggestion
Darren J Moffat
Darren.Moffat at Sun.COM
Tue Aug 26 02:26:41 EST 2003
On Mon, 25 Aug 2003, Ben FrantzDale wrote:
> Until recently I was unaware of how to get the key fingerprint of a host
> using ssh-keygen. Finding that out took asking several security-minded
> people. In other words, I don't think it's public knowledge.
>
> This made me think that the warning could be changed to something along
> these lines:
>
> The authenticity of host '192.168.0.123' can't be established.
> RSA key fingerprint in md5 is: 59:94:5a:d7:2b:1f:ad:6e:ef:24:4c:71:1d:3c:3b:4a
> If you have access to '192.168.0.123' you can run
> ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
> on it to verify this key fingerprint.
> Are you sure you want to continue connecting(yes/no)?yes
> Warning: Permanently added '192.168.0.123' (RSA) to the list of known hosts.
>
> What do you think?
That assumes that the remote machine is also running OpenSSH, which may
not be the case. It is also making assumptions about the location and
name of the host key (which is configurable in OpenSSH and other
implementations).
--
Darren J Moffat
More information about the openssh-unix-dev
mailing list