Can we have better ssh fingerprint collision messages?
Reindl Harald
h.reindl at thelounge.net
Tue Nov 12 11:31:04 UTC 2013
On 12.11.2013 12:25, James Hogarth wrote:
> Did you edit the key for both the IP address and the hostname in known_hosts?
no, because i tried to show in which cases the message
the OP wants to see is *not* given
> It's feasible that if you only changed the hostname and not the IP based one behaviour would be different.
>
> Indeed if I just ssh-keygen -R fqdn and then ssh to a box after the key has changed there will be similar
> complaints as it verifies on the latter too.
>
> and now you can explain me where is the difference in the key on the
> server has changed and having a different but valid key than the
> servers one on "known_hosts"
>
> It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
> the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
> known_hosts
and that this is needed shows IMHO a bug because it should
in all cases give out the same warning message