ssh2

roland roland at cat.be
Sat Sep 20 06:27:49 UTC 2008 

On Sat, 20 Sep 2008 01:06:10 +0200, Bill Davidsen <davidsen at tmr.com> wrote:

> roland wrote:
>
>> Waw, this is a very exhaustive answer, and I thank you very much for  
>> this.
>>  How will have to do some reading.
>> One thing is for sure, I find the known-hosts in de userdir on windows  
>> but there are no entries added and I do not find anywhere the dsa or  
>> rsa or whatever keys.
>>  I removed all the keys in /etc/ssh/ and
>> indeed the keys were recreated.
>>
> Yes, that is the original problem, the host keys changed.
>
>> But Anita continues this difficulty and Putty never did.
>
> Anita has no "problem," it is warning you that the host has changed.  
> Trying to stop the warning instead of fixing the problem is like taking  
> the battery out of the smoke alarm instead of finding the fire!
>
>> Must have to do something with this 3DES.
>>
> It has to do with the system being hacked.
>
>> I don't understand how Putty can login because there aren't any entries  
>> in known_hosts under windows which are referring to the hosts I'm  
>> logging into. ???
>>
> That's why putty can't detect that there's a problem, because it doesn't  
> have the *correct* values, and so doesn't know that there is now an  
> incorrect host key machine at the end of the socket.

Putty is using ssh2. So if the key of the remote host is not found in  
known_hosts on the mswindow station, why does nobody complaints? When will  
the key of the remote host be added in this file known_hosts?

following this doc here after your assumption is not correct, or do I  
understand something wrong?

If you reinstall, the reinstalled system creates a new set of  
identification keys. Any clients who had connected to the system with any  
of the OpenSSH tools before the reinstall will see the following message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

Roland

More information about the fedora-list mailing list