Can we have better ssh fingerprint collision messages?

Reindl Harald h.reindl at thelounge.net
Tue Nov 12 13:12:01 UTC 2013



On 12.11.2013 13:26, Tomas Mraz wrote:
> On Tue, 2013-11-12 at 07:21 -0500, Matthew Miller wrote:
>> On Tue, Nov 12, 2013 at 12:31:04PM +0100, Reindl Harald wrote:
>>>> It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
>>>> the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
>>>> known_hosts
>>> and that this is needed shows IMHO a bug because it should
>>> in all cases give out the same warning message
>>
>> Harald, I'm not seeing the behavior you see either -- if I replace a host
>> key with another one in known_hosts, I get the correct man-in-the-middle
>> message.
> Exactly, I verified that too. But I actually first made a mistake by
> deleting the 'ssh-rsa' and not copying it from the other host entry
> which made the line invalid and the message was the same as for first
> contact with the server. So I wonder if Harald did the same mistake

see below the difference in "known_hosts", the third line with the used hostname

[harry at rh:~/.ssh]$ ssh harry at srv-rhsoft
The authenticity of host '[srv-rhsoft]:22 ([62.178.102.6]:22)' can't be established.
RSA key fingerprint is 4d:64:fa:f7:78:ac:f2:2d:59:4d:59:35:5d:a2:ca:70.
Are you sure you want to continue connecting (yes/no)?
_________________________________________________

before:

local ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
local.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
62.178.102.6 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
_________________________________________________

now:

local ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
local.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
srv-rhsoft ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA4O6jxM5DCqDliRKUpcoOcKZHY+HZ9qBaLMHH11172osiKcbEMWIrrNOdHbtPnxnLyrpdjZqDBh4EVH9i8wqsjjbpzFHOaRQF11GoCFMEDudaLGHzYVM63Mp/Ptm+BkAabnNcVA5lCOkFmsZXzIH2oHK9xCt8ag6fjR1/j/WeSTBKSUAfwvBxsyqoeJj3fNh1XHsZQBCBPtVm9BlWtlUzy4BdiUL9XbBUIt2DlquyR1AWEMdogw5sp4Gi/Ki3R74opOfNp3eHJ164v/Db7htYkvnPFPkh5f4cx6ZHlyvjD96iz3xon/j94o22hxv4iT8Ah2aE8wqV4d3XUxUiKkbFYQ==
srv-rhsoft.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
ns3.rhsoft.net ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
62.178.102.6 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzTBd2hor7lh2ien9j9ghkrqNGIh0t3AbUfwlABMnHIcSA9CATSctmwfHWkjob9CLCYIVF38hQPAbvSV9WyNu2BGHzuiXPPnvIxM06U4ot6Xs8B0Wcj3MtrBzbMCcl1b6tVNREPSwxDiUiDdmWgQpkbFIr+qX/D7CrJLfc5ON/VF/ZSe46hJw8YUoDa19hCXfZe0P4UK9iXLfhrjPKMl+x6/2F/CKwmtAdCXpWd1D3M/fozTSjiG2BBszWTZFCDKdtBOhB2tpndyzatkpFR6Ik7JR5/YzwZghayWs9PZyOb7M4RHnPAzZX0yy9lrHyi+///VKSyxv2xUxXXGc6AiBhw==
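
An added example, not part of the original post or of OpenSSH: a small known_hosts linter that compares two snapshots of the file and reports entries that are structurally invalid, such as a line whose 'ssh-rsa' field was deleted as described in the quoted reply. The host names come from the post; the key blobs, function names and validity rules are assumptions of this sketch.

```python
import base64
import struct

def make_blob(key_type, seed):
    """Constructed (not real) public-key blob in SSH wire format, base64-encoded."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(s(key_type.encode()) + s(b"\x23") + s(b"\x00" + seed * 8)).decode()

def parse_line(line):
    """Return (hosts, key_type, blob), or None if the entry is structurally invalid."""
    fields = line.split()
    if fields and fields[0].startswith("@"):      # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:                           # e.g. the 'ssh-rsa' field was deleted
        return None
    hosts, key_type, blob = fields[:3]
    try:
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        embedded = raw[4:4 + n].decode("ascii")
    except Exception:
        return None
    if embedded != key_type:                      # declared type must match the blob
        return None
    return hosts.split(","), key_type, blob

def load(text):
    """Map host -> set of (type, blob); also return line numbers of invalid entries."""
    keys, bad = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = parse_line(line)
        if parsed is None:
            bad.append(no)
            continue
        for host in parsed[0]:
            keys.setdefault(host, set()).add(parsed[1:])
    return keys, bad

def changed_hosts(before, after):
    """Hosts present in both snapshots whose stored keys differ."""
    b, a = load(before)[0], load(after)[0]
    return sorted(h for h in b if h in a and a[h] != b[h])

# Constructed sample data: host names from the post, keys generated above.
KEY_A, KEY_B = make_blob("ssh-rsa", b"A"), make_blob("ssh-rsa", b"B")
BEFORE = f"srv-rhsoft ssh-rsa {KEY_A}\nns3 ssh-rsa {KEY_A}\n"
AFTER = f"srv-rhsoft ssh-rsa {KEY_B}\nns3 ssh-rsa {KEY_A}\n"
BROKEN = f"srv-rhsoft {KEY_B}\nns3 ssh-rsa {KEY_A}\n"   # key type missing on line 1
```

With the invalid line the host simply has no stored key in this model, so no change is reported for it; the line number returned by load() is what points at the editing mistake.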
