Can we have better ssh fingerprint collision messages?
tmraz at redhat.com
Tue Nov 12 12:26:46 UTC 2013
On Tue, 2013-11-12 at 07:21 -0500, Matthew Miller wrote:
> On Tue, Nov 12, 2013 at 12:31:04PM +0100, Reindl Harald wrote:
> > > It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
> > > the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
> > > known_hosts
> > and that this is needed shows IMHO a bug because it should
> > in all cases give out the same warning message
> Harald, I'm not seeing the behavior you see either -- if I replace a host
> key with another one in known_hosts, I get the correct man-in-the-middle
Exactly, I verified that too. But I actually first made a mistake by
deleting the 'ssh-rsa' and not copying it from the other host entry
which made the line invalid and the message was the same as for first
contact with the server. So I wonder if Harald made the same mistake.
No matter how far down the wrong road you've gone, turn back.
(You'll never know whether the road is wrong though.)
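
The failure mode described in this message (a known_hosts line that lost its 'ssh-rsa' field and then behaved like no entry at all) can be caught by linting the file; the following is an added example, not code from this thread or from OpenSSH. It assumes the "hosts keytype base64key [comment]" line format; the function names, key type list and sample entries are constructed for illustration.

```python
import base64
import binascii
import struct

# Plain key type names expected in known_hosts (assumed list; certificates not covered).
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def blob_type(b64):
    """Return the key type named inside the key blob, or None if undecodable."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # blob starts with a length-prefixed type
        return raw[4:4 + n].decode("ascii") if 0 < n <= len(raw) - 4 else None
    except (binascii.Error, struct.error, UnicodeDecodeError):
        return None


def lint_known_hosts(text):
    """Return (line_number, problem) for each entry that is not a usable host key."""
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        fields = fields[1:] if fields[0].startswith("@") else fields  # drop marker
        if len(fields) < 3:
            problems.append((num, "missing field (hosts, key type, key)"))
        elif fields[1] not in KEY_TYPES:
            problems.append((num, "unknown key type %r" % fields[1]))
        elif blob_type(fields[2]) != fields[1]:
            problems.append((num, "key blob does not match declared type"))
    return problems


def fake_blob(key_type):  # constructed: type header plus filler, no real key material
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + b"\x00" * 32).decode()


SAMPLE = (  # constructed entries, not real hosts or keys
    f"alpha.example.test ssh-rsa {fake_blob('ssh-rsa')}\n"
    f"beta.example.test {fake_blob('ssh-rsa')}\n"  # key type deleted, as in the thread
    f"gamma.example.test ssh-ed25519 {fake_blob('ssh-rsa')}\n"  # key pasted under wrong type
)

print(lint_known_hosts(SAMPLE))
```
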