Re: Can we have better ssh fingerprint collision messages?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 12.11.2013 13:26, schrieb Tomas Mraz:
> On Út, 2013-11-12 at 07:21 -0500, Matthew Miller wrote:
>> On Tue, Nov 12, 2013 at 12:31:04PM +0100, Reindl Harald wrote:
>>>> It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
>>>> the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
>>>> known_hosts
>>> and that this is needed shows IMHO a bug because it should
>>> in all cases give out the same warning message
>>
>> Harald, I'm not seeing the behavior you see either -- if I replace a host
>> key with another one in known_hosts, I get the correct man-in-the-middle
>> message.
> Exactly, I verified that too. But I actually first made a mistake by
> deleting the 'ssh-rsa' and not copying it from the other host entry
> which made the line invalid and the message was the same as for first
> contact with the server. So I wonder if Harald did the same mistake

see below the difference in "known_hosts", the third line with the used hostname

[harry@rh:~/.ssh]$ ssh harry@srv-rhsoft
The authenticity of host '[srv-rhsoft]:22 ([62.178.102.6]:22)' can't be established.
RSA key fingerprint is 4d:64:fa:f7:78:ac:f2:2d:59:4d:59:35:5d:a2:ca:70.
Are you sure you want to continue connecting (yes/no)?
_________________________________________________

before:

local ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
local.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
62.178.102.6 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
_________________________________________________

now:

local ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
local.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA4O6jxM5DCqDliRKUpcoOcKZHY+HZ9qBaLMHH11172osiKcbEMWIrrNOdHbtPnxnLyrpdjZqDBh4EVH9i8wqsjjbpzFHOaRQF11GoCFMEDudaLGHzYVM63Mp/Ptm+BkAabnNcVA5lCOkFmsZXzIH2oHK9xCt8ag6fjR1/j/WeSTBKSUAfwvBxsyqoeJj3fNh1XHsZQBCBPtVm9BlWtlUzy4BdiUL9XbBUIt2DlquyR1AWEMdogw5sp4Gi/Ki3R74opOfNp3eHJ164v/Db7htYkvnPFPkh5f4cx6ZHlyvjD96iz3xon/j94o22hxv4iT8Ah2aE8wqV4d3XUxUiKkbFYQ==
srv-rhsoft.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
62.178.102.6 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux