[Bug 1662] New: Avoidable man-in-the-middle attack warnings
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 21 18:10:55 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1662
Summary: Avoidable man-in-the-middle attack warnings
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: t-om at nic.fi
Created an attachment (id=1702)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1702)
Sample session capture (names changed)
When running one or more virtual machines within one host machine, each
virtual machine listening for ssh connections in different tcp ports of
the host machine, and one tries to connect with ssh to these virtual
machines or the host running them (other target than whose
identification information was previously saved to known_hosts in
source), ssh complains about possible man-in-the-middle attack
(WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!).
This could possibly be avoided if the port number was included in the
identification information of a host in known_hosts.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list