[ale] ssh - no spoofing check
Bob Toxen
bob at verysecurelinux.com
Sun Oct 24 18:35:28 EDT 2004
On Sat, Oct 23, 2004 at 07:26:17PM -0400, Jim Popovitch wrote:
> I believe the man-in-middle message is derived from accessing a server
> that has a different server key cached in ~/.ssh/known_hosts. You
> should be able access the same box by multiple names/IPs without getting
> that notice. I suspect that you are reusing a host name from one box on
> anther box and that your known_hosts file still has an entry from old
> host.
Yes, the warning about the MITM is if the known_hosts host key is different.
However, SSH is too stupid to correlate with the IP rather than the one of
many names used to derive the IP -- OR --- maybe they are trying to cope
with dynamic IP, in which case their scheme does work. If the latter, it
was a poor design choice as it's rare that a server has a dynamic IP.
I too find this annoying.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
> -Jim P.
> On Sat, 2004-10-23 at 16:44 -0400, David Corbin wrote:
> > If I ever reference a host on a ssh command by an alternate name, it "fails"
> > with a message warning about the possibility of a man in the middle attack.
> > Is there any way to tell ssh to not pester me about this, or to list several
> > hostnames for the same RSA key?
> >
> > david
More information about the Ale
mailing list