[Bug 1843] ssh should mention ssh-keygen in remote host fingerprint warning

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 16 01:48:18 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1843

--- Comment #5 from Scott Moser <smoser at ubuntu.com> 2010-12-16 01:48:18 EST ---
I expected the "make it hard to do so people know what they're doing
response".  I really don't think its all that valid.  The user is still
forced to take manual action, finding, selecting, and pasting the
command line.

The "finding" is non-trivial, and in the output message (with example
below), the most obvious and important warning message still stands
out.


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c5:43:dd:69:56:82:2c:30:4c:03:57:45:aa:de:26:31.
Please contact your system administrator.
Add correct host key in /home/smoser/.ssh/known_hosts.uec to get rid of
this message.
Offending key in /home/smoser/.ssh/known_hosts.uec:1
  remove with: ssh-keygen -f "/home/smoser/.ssh/known_hosts.uec" -R
kearney
RSA host key for kearney has changed and you have requested strict
checking.
Host key verification failed.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list