On Tue, 17 Apr 2018, Zbigniew Jędrzejewski-Szmek wrote:

> Services which are subject the guidelines allow to be
> enabled by default should be such that starting them briefly
> should not cause any permanent effects.

'should not' is not true to fact in the real world.

I mentioned we inject an SSH root key for management purposes. This is a sample of the 'back-splatter' I get all the time.

Starting the ssh service generates several keys, which then get 'picked up' off host by our control units. I have to have special code to address the need to go in and eradicate such all the time. Sample below:

Apr 16 19:22:19 secure PMMan[2423]: PMMan (VM Management) [system@localhost:vm_34458] -- VM setup sees a listener on port 22/tcp
Apr 16 19:22:19 secure vm_setup[1331]: ssh: connect to host 10.85.86.17 port 22: Connection refused
Apr 16 19:22:19 secure last message repeated 3 times
Apr 16 19:22:19 secure vm_setup[1368]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 16 19:22:19 secure vm_setup[1368]: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
Apr 16 19:22:19 secure vm_setup[1368]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 16 19:22:19 secure vm_setup[1368]: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Apr 16 19:22:19 secure vm_setup[1368]: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
Apr 16 19:22:19 secure vm_setup[1368]: It is also possible that the RSA host key has just been changed.
Apr 16 19:22:19 secure vm_setup[1368]: The fingerprint for the RSA key sent by the remote host is
Apr 16 19:22:19 secure vm_setup[1368]: 28:1c:dc:5e:26:9d:4b:1f:2c:a8:aa:8d:42:4f:5f:ea.
Apr 16 19:22:19 secure vm_setup[1368]: Please contact your system administrator.
Apr 16 19:22:19 secure vm_setup[1368]: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Apr 16 19:22:19 secure vm_setup[1368]: Offending key in /root/.ssh/known_hosts:325
Apr 16 19:22:19 secure vm_setup[1368]: Password authentication is disabled to avoid man-in-the-middle attacks.
Apr 16 19:22:19 secure vm_setup[1368]: Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Apr 16 19:22:19 secure vm_setup[1368]: reverse mapping checking getaddrinfo for pl085086228.domain.lan failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 19:22:20 secure pmmanLog[2432]: pmmanLog ( | _event_id: 5 | _owner_id: 0 | _vm_id: 846 | _message: VM setup is shutting down for initial clean backup | _admin: NULL | _thread_id: NULL | _level: I | _viewable: 0
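
Added example, not part of the original message and not the poster's own cleanup code: a Python sketch that scans syslog text in the layout of the sample above for host-key-changed warnings and reports, per process, the fingerprint seen and the known_hosts file and line holding the stale key. The function name `host_key_changes` and the embedded sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in the syslog layout of the excerpt above; the
# fingerprints, PIDs and the 192.0.2.10 address are made up.
SAMPLE = """\
Apr 16 19:22:19 secure vm_setup[1368]: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
Apr 16 19:22:19 secure vm_setup[1368]: The fingerprint for the RSA key sent by the remote host is
Apr 16 19:22:19 secure vm_setup[1368]: aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99.
Apr 16 19:22:19 secure last message repeated 3 times
Apr 16 19:22:19 secure vm_setup[1368]: Offending key in /root/.ssh/known_hosts:325
Apr 16 19:22:21 secure vm_setup[1402]: ssh: connect to host 192.0.2.10 port 22: Connection refused
Apr 16 19:22:25 secure vm_setup[1410]: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
Apr 16 19:22:25 secure vm_setup[1410]: Offending ECDSA key in /root/.ssh/known_hosts:12
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([^\[\s]+)\[(\d+)\]: (.*)$")
KEYTYPE = re.compile(r"fingerprint for the (\w+) key sent by the remote host")
FPR = re.compile(r"^((?:[0-9a-f]{2}:){15}[0-9a-f]{2}|SHA256:[A-Za-z0-9+/]+)\.?$")
OFFENDING = re.compile(r"Offending (?:\w+ )?key in (\S+):(\d+)")

def host_key_changes(log_text):
    """Return one dict per host-key-changed warning, grouped by process[pid]."""
    pending, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:            # e.g. "last message repeated N times" has no [pid]
            continue
        when, tag, pid, msg = m.groups()
        key = (tag, pid)
        if "REMOTE HOST IDENTIFICATION HAS CHANGED" in msg:
            pending[key] = {"when": when, "proc": f"{tag}[{pid}]",
                            "key_type": None, "fingerprint": None}
        elif key in pending:
            entry = pending[key]
            if k := KEYTYPE.search(msg):
                entry["key_type"] = k.group(1)
            elif p := FPR.match(msg.strip()):
                entry["fingerprint"] = p.group(1)
            elif o := OFFENDING.search(msg):
                # The stale entry to remove is this line of this known_hosts file.
                entry["known_hosts"], entry["line"] = o.group(1), int(o.group(2))
                done.append(pending.pop(key))
    return done

if __name__ == "__main__":
    for finding in host_key_changes(SAMPLE):
        print(finding)
```

A warning block is only reported once its "Offending key" line is seen, so a block cut short in the log produces no finding.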