On Wed December 10 2008, Mike McGrath wrote:
> On Wed, 10 Dec 2008, Mike McGrath wrote:
> > I've not actually used global ssh_known_hosts before, I wouldn't be
> > surprised if it causes issues in some of our scripts that might have a
> > conflicting ~/.ssh/known_hosts. Let's keep our eyes open.

If there is a conflict, then the public key of the host the script connects to will probably not match. Therefore there is a problem anyways.

> http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts

I suggest using

    echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub)

on the respective machine instead of

    ssh-keyscan -t rsa app1,10.8.34.59

on a remote machine. Otherwise there may still be a small window of opportunity for a MITM attack.

Regards,
Till
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
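
Added example, not part of the original message or the Fedora SOP: a shell sketch of the suggestion above that builds the ssh_known_hosts entry from the key file read on the host itself, and compares a network-obtained line (such as ssh-keyscan output) against it. The function names `known_hosts_line` and `same_host_key` are hypothetical, and the key strings are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Print a known_hosts line for host names $1 using the public key file $2,
# read locally on the host that owns the key (no network involved).
known_hosts_line() {
    names=$1
    pubfile=$2
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # A .pub file holds "<type> <base64-key> [comment]"; drop the comment.
    ktype=$(awk 'NR==1 {print $1}' "$pubfile")
    kblob=$(awk 'NR==1 {print $2}' "$pubfile")
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kblob" ] || { echo "no key data in $pubfile" >&2; return 1; }
    printf '%s %s %s\n' "$names" "$ktype" "$kblob"
}

# Compare a line obtained over the network ($2, e.g. ssh-keyscan output)
# with the trusted line built on the host ($1). Only key type and key data
# are compared. Returns 0 on match, 1 on mismatch or malformed input.
same_host_key() {
    trusted=$(printf '%s\n' "$1" | awk 'NF>=3 {print $2, $3}')
    scanned=$(printf '%s\n' "$2" | awk 'NF>=3 {print $2, $3}')
    [ -n "$trusted" ] && [ "$trusted" = "$scanned" ]
}

# Demo with constructed data (placeholder key strings, not real keys).
demo() {
    tmp=$(mktemp) || return 1
    echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY root@app1' > "$tmp"
    good=$(known_hosts_line app1,10.8.34.59 "$tmp")
    rm -f "$tmp"
    echo "trusted entry: $good"
    if same_host_key "$good" 'app1,10.8.34.59 ssh-rsa AAAAB3DIFFERENTKEY'; then
        echo "scan matches"
    else
        echo "MISMATCH: scanned key differs from the key read on the host"
    fi
}
demo
```

A mismatch here means the key seen over the network is not the key stored on the host, which is the case the locally built entry is meant to catch.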