Can we have better ssh fingerprint collision messages?
h.reindl at thelounge.net
Tue Nov 12 11:31:04 UTC 2013
Am 12.11.2013 12:25, schrieb James Hogarth:
> Did you edit the key for both the IP address and the hostname in known_hosts?
no, because i tried to show in which cases the message
the OP wnats to see is *not* given
> It's feasible that if you only changed the hostname and not the IP based one behaviour would be different.
> Indeed if I just ssh-keygen -R fqdn and then ssh to a box after the key has changed there will be similar
> complaints as it verifies on the latter too.
> and now you can explain me where is the difference in the key on the
> server has changed and having a different but valid key than the
> servers one on "known_hosts"
> It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
> the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
and that this is needed shows IMHO a bug because it should
in all cases give out the same warning message
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the devel