Everyone has seen the lines attached to this bug report. Please add a note to that warning how I can list all fingerprints "FROM" and "ON" the remote side so that I could see what is going on. Say I have another ssh session still running so I would not have to accept the new host key first. The line could look like this:

******************* <please add this to the warning> *******************
You can verify your fingerprint on the remote side with:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
(in case your keys are stored somewhere else, adapt the path)
If the fingerprint from the remote side and the one your client states to be new match there is no 'man in the middle attack' going on and you can safely accept the new fingerprint on the client side with 'yes'.
******************* </please add this to the warning> *******************

====== attachment ==================
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [domain]:port has changed,
and the key for the according IP address [ip.ip.ip.ip]:port
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:...
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:15
RSA host key for [domain]:port has changed and you have requested strict checking.
Host key verification failed.

Sorry, but I think the warning is long enough already and it already suggests the preferred way to avoid the warning (copy the actual pubkey).
Close resolved bugs after release.
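
The comparison proposed in the report, as an added example (not part of the original thread and not OpenSSH code): it derives the MD5 colon-hex fingerprint shown in the attached warning, and the SHA256 form, from a host public key line and checks the value the client reported against it. The key line is assumed to come from the .pub file beside the path named in the report, read over the still-open session; the sample keys and all function names are constructed for illustration.

```python
import base64
import hashlib


def _ssh_string(data):
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return len(data).to_bytes(4, "big") + data


def constructed_rsa_line(seed):
    # CONSTRUCTED sample: correctly framed bytes, not a usable RSA key.
    modulus = b"\x00" + hashlib.sha256(seed).digest() * 8
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(modulus))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


def parse_pubkey_line(line):
    # Accepts "<type> <base64 blob> [comment]" as stored in a host key .pub file.
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return fields[0], blob


def fingerprints(blob):
    # Both forms hash the decoded key blob, not the base64 text.
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def matches(reported, pubkey_line):
    # True only if the client-reported fingerprint belongs to this key.
    md5_fp, sha_fp = fingerprints(parse_pubkey_line(pubkey_line)[1])
    reported = reported.strip()
    if reported.startswith("SHA256:"):
        return reported == sha_fp          # base64 is case-sensitive
    if reported.upper().startswith("MD5:"):
        reported = reported[4:]
    return reported.lower() == md5_fp      # hex is case-insensitive


if __name__ == "__main__":
    server = constructed_rsa_line(b"server")
    shown, _ = fingerprints(parse_pubkey_line(server)[1])
    print(shown, matches(shown, server))
```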