ssh2

[roland]

On Sat, 20 Sep 2008 08:27:49 +0200, roland <roland at cat.be> wrote:

> On Sat, 20 Sep 2008 01:06:10 +0200, Bill Davidsen <davidsen at tmr.com>  
> wrote:
>
>> roland wrote:
>>
>>> Waw, this is a very exhaustive answer, and I thank you very much for  
>>> this.
>>>  How will have to do some reading.
>>> One thing is for sure, I find the known-hosts in de userdir on windows  
>>> but there are no entries added and I do not find anywhere the dsa or  
>>> rsa or whatever keys.
>>>  I removed all the keys in /etc/ssh/ and
>>> indeed the keys were recreated.
>>>
>> Yes, that is the original problem, the host keys changed.
>>
>>> But Anita continues this difficulty and Putty never did.
>>
>> Anita has no "problem," it is warning you that the host has changed.  
>> Trying to stop the warning instead of fixing the problem is like taking  
>> the battery out of the smoke alarm instead of finding the fire!
>>
>>> Must have to do something with this 3DES.
>>>
>> It has to do with the system being hacked.
>>
>>> I don't understand how Putty can login because there aren't any  
>>> entries in known_hosts under windows which are referring to the hosts  
>>> I'm logging into. ???
>>>
>> That's why putty can't detect that there's a problem, because it  
>> doesn't have the *correct* values, and so doesn't know that there is  
>> now an incorrect host key machine at the end of the socket.
>
> Putty is using ssh2. So if the key of the remote host is not found in  
> known_hosts on the mswindow station, why does nobody complaints? When  
> will the key of the remote host be added in this file known_hosts?
>
> following this doc here after your assumption is not correct, or do I  
> understand something wrong?
>
> If you reinstall, the reinstalled system creates a new set of  
> identification keys. Any clients who had connected to the system with  
> any of the OpenSSH tools before the reinstall will see the following  
> message:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle  
> attack)!
> It is also possible that the RSA host key has just been changed.
>
also if your read this

The first time you ssh to a remote machine, you will see a message similar  
to the following:
The authenticity of host 'penguin.example.net' can't be established.
DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
Are you sure you want to continue connecting (yes/no)?

Type yes to continue. This will add the server to your list of known hosts  
(~/.ssh/known_hosts) as seen in the following message:
Warning: Permanently added 'penguin.example.net' (RSA) to the list of  
known hosts


none of this happens on this server or on the mswin pc

Roland