Re: Can we have better ssh fingerprint collision messages?

On 11.11.2013 23:24, Chris Adams wrote:
> Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said:
>> no - I simply took the host key of another machine in my "known_hosts" file,
>> pressed save and tried to connect to the host; maybe this happens because
>> there is more than one line for each host (IP, only local part, FQ), but
>> that is in fact what you get
> 
> If you didn't change it to match exactly what you attempted to connect
> to (e.g. if you made an entry for "foo.mydomain.com" and then just did
> "ssh foo"), the line is not matched.  If you manually make multiple
> lines with the same host, I'm not sure what OpenSSH does (because it
> doesn't create such entries); it may only care about the first match.

boah *it does*, if you connect once to the local part only (because of
a DNS suffix) and once to the FQ host

these lines were not written by hand, and I replaced the key (from "AAA" to "==")
of the first one with the key of a completely different host in the file,
resulting in the message I posted for ssh "harry@srv-rhsoft"

srv-rhsoft ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft.rhsoft.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==

> If there is no match to the host, you get the output you described; if
> there is a match but the key is different, you get the original poster's
> desired output.  This is standard (and I believe non-configurable)
> OpenSSH behavior going back to the beginning (and IIRC to the original
> SSH code before OpenSSH started)

and as I have proven, this is *not true* in all situations - period


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
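The thread above turns on how an OpenSSH client decides between "authenticity can't be established" (no known_hosts line covers the name you typed) and "REMOTE HOST IDENTIFICATION HAS CHANGED" (a line covers it, but with a different key). The following is an added example, not code from the thread or from OpenSSH: a small Python model of that lookup that can be run against a constructed known_hosts file mimicking the situation described (a short-name line and an FQDN line for the same machine, with the short-name line's key swapped for another host's key). It considers every line whose host field matches, not only the first, and handles plain names, comma-separated aliases, shell-style wildcards, "!" negation and HashKnownHosts-style "|1|salt|hash" fields. All host names, keys and the salt are constructed; the "[host]:port" form and "@cert-authority"/"@revoked" markers are deliberately not modelled.

```python
import base64
import fnmatch
import hashlib
import hmac
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    hosts: str      # host patterns (comma-separated) or a "|1|salt|hash" hashed host
    keytype: str    # e.g. "ssh-rsa", "ssh-ed25519"
    key: str        # base64 key blob exactly as written on the line
    lineno: int     # 1-based line in the file, for reporting


def parse_known_hosts(text: str) -> List[Entry]:
    """Parse known_hosts text; blanks, comments and @marker lines are skipped
    (simplification: @cert-authority / @revoked are not modelled here)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: ignored
        entries.append(Entry(parts[0], parts[1], parts[2], lineno))
    return entries


def hashed_host_field(hostname: str, salt: bytes) -> str:
    """Build the |1|salt|hash form HashKnownHosts writes: HMAC-SHA1 of the
    hostname keyed with a 20-byte salt, both base64-encoded."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


def host_matches(field: str, hostname: str) -> bool:
    """Does a line's host field cover `hostname`? Handles hashed hosts, exact
    names, shell-style wildcards and '!' negation ([host]:port is not modelled)."""
    if field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64encode(digest).decode(), hash_b64)
    positive = False
    for pattern in field.split(","):
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pattern[1:]):
                return False          # a negated pattern vetoes the whole line
        elif fnmatch.fnmatchcase(hostname, pattern):
            positive = True
    return positive


def sha256_fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(entries: List[Entry], hostname: str, keytype: str,
                   key: str) -> Tuple[str, Optional[int]]:
    """Classify a presented host key. Every matching line is considered:
    UNKNOWN     no line covers this hostname (authenticity can't be established)
    OK          a matching line carries exactly this key
    CHANGED     a matching line carries a different key of the same type
    NEW_KEYTYPE the host is known, but not with this key algorithm"""
    matched = [e for e in entries if host_matches(e.hosts, hostname)]
    if not matched:
        return "UNKNOWN", None
    same_type = [e for e in matched if e.keytype == keytype]
    for e in same_type:
        if e.key == key:
            return "OK", e.lineno
    if same_type:
        return "CHANGED", same_type[0].lineno
    return "NEW_KEYTYPE", None


# --- constructed sample data (not the poster's real keys or hosts) ----------
KEY_A = base64.b64encode(b"constructed host key A (srv-rhsoft)").decode()
KEY_B = base64.b64encode(b"constructed host key B (other-box)").decode()
KEY_C = base64.b64encode(b"constructed host key C (hidden-host)").decode()
SALT = b"constructed-salt-20B"   # HashKnownHosts salts are 20 bytes

# The file after the edit described in the thread: the short-name line (2) now
# carries the key of a completely different host; the FQDN line (3) is intact.
EDITED_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "srv-rhsoft ssh-rsa " + KEY_B,
    "srv-rhsoft.rhsoft.net ssh-rsa " + KEY_A,
    "other-box,192.0.2.10 ssh-rsa " + KEY_B,
    hashed_host_field("hidden-host", SALT) + " ssh-ed25519 " + KEY_C,
]) + "\n"


if __name__ == "__main__":
    entries = parse_known_hosts(EDITED_KNOWN_HOSTS)
    # The real machine presents KEY_A; which name you type decides the verdict.
    for host in ("srv-rhsoft", "srv-rhsoft.rhsoft.net", "srv-rhsoft.example"):
        status, lineno = check_host_key(entries, host, "ssh-rsa", KEY_A)
        print("{:<24} {:<12} line={} presented={}".format(
            host, status, lineno, sha256_fingerprint(KEY_A)))
```

Run stand-alone it shows the three outcomes side by side: "srv-rhsoft" hits the edited line and is reported CHANGED, "srv-rhsoft.rhsoft.net" hits the untouched line and is OK, and a name no line covers is UNKNOWN. The model also makes the defender-side point of the thread concrete: after the edit, a host presenting the other machine's key would be accepted as "srv-rhsoft", which is why a known_hosts file should be treated as trust data and changed only through ssh-keygen -R / a fresh first connection rather than by hand.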
