[ale] ssh - no spoofing check

Bob Toxen bob at verysecurelinux.com
Sun Oct 24 22:27:59 EDT 2004 

On Sun, Oct 24, 2004 at 08:22:20PM -0400, Dow Hurst wrote:
> With a dual boot box it is very annoying. ;-)
> Can you duplicate the keys across clients so that server is known by the 
> same key on all clients?
Sure.

> Isn't there a perl script designed to help out with this that is 
> available with SSH?
Don't know.

> Dow
Bob


> Bob Toxen wrote:
> 
> >On Sat, Oct 23, 2004 at 07:26:17PM -0400, Jim Popovitch wrote:
> > 
> >
> >>I believe the man-in-middle message is derived from accessing a server
> >>that has a different server key cached in ~/.ssh/known_hosts.  You
> >>should be able access the same box by multiple names/IPs without getting
> >>that notice.  I suspect that you are reusing a host name from one box on
> >>anther box and that your known_hosts file still has an entry from old
> >>host.
> >>   
> >>
> >Yes, the warning about the MITM is if the known_hosts host key is 
> >different.
> >However, SSH is too stupid to correlate with the IP rather than the one of
> >many names used to derive the IP -- OR --- maybe they are trying to cope
> >with dynamic IP, in which case their scheme does work.  If the latter, it
> >was a poor design choice as it's rare that a server has a dynamic IP.
> >
> >I too find this annoying.
> >
> >Bob Toxen
> >bob at verysecurelinux.com               [Please use for email to me]
> >http://www.verysecurelinux.com        [Network&Linux/Unix security 
> >consulting]
> >http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 
> >2/e"]
> >Quality Linux & UNIX security and SysAdmin & software consulting since 
> >1990.
> >
> >"Microsoft: Unsafe at any clock speed!"
> >  -- Bob Toxen 10/03/2002
> >
> > 
> >
> >>-Jim P.
> >>   
> >>
> >
> > 
> >
> >>On Sat, 2004-10-23 at 16:44 -0400, David Corbin wrote:
> >>   
> >>
> >>>If I ever reference a host on a ssh command by an alternate name, it 
> >>>"fails" with a message warning about the possibility of a man in the 
> >>>middle attack.  Is there any way to tell ssh to not pester me about 
> >>>this, or to list several hostnames for the same RSA key?
> >>>
> >>>david
> >>>     
> >>>
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://www.ale.org/mailman/listinfo/ale
> >
> > 
> >

More information about the Ale mailing list