ssh2

Bill Davidsen davidsen at tmr.com
Sat Sep 20 18:51:34 UTC 2008


roland wrote:
> On Sat, 20 Sep 2008 08:27:49 +0200, roland <roland at cat.be> wrote:
> 
>> On Sat, 20 Sep 2008 01:06:10 +0200, Bill Davidsen <davidsen at tmr.com> 
>> wrote:
>>
>>> roland wrote:
>>>
>>>> Wow, this is a very exhaustive answer, and I thank you very much for 
>>>> this.
>>>>  How will have to do some reading.
>>>> One thing is for sure, I find the known-hosts in the userdir on 
>>>> windows but there are no entries added and I do not find anywhere 
>>>> the dsa or rsa or whatever keys.
>>>>  I removed all the keys in /etc/ssh/ and
>>>> indeed the keys were recreated.
>>>>
>>> Yes, that is the original problem, the host keys changed.
>>>
>>>> But Anita continues this difficulty and Putty never did.
>>>
>>> Anita has no "problem," it is warning you that the host has changed. 
>>> Trying to stop the warning instead of fixing the problem is like 
>>> taking the battery out of the smoke alarm instead of finding the fire!
>>>
>>>> Must have to do something with this 3DES.
>>>>
>>> It has to do with the system being hacked.
>>>
>>>> I don't understand how Putty can login because there aren't any 
>>>> entries in known_hosts under windows which are referring to the 
>>>> hosts I'm logging into. ???
>>>>
>>> That's why putty can't detect that there's a problem, because it 
>>> doesn't have the *correct* values, and so doesn't know that there is 
>>> now an incorrect host key machine at the end of the socket.
>>
>> Putty is using ssh2. So if the key of the remote host is not found in 
>> known_hosts on the mswindow station, why does nobody complain? When 
>> will the key of the remote host be added in this file known_hosts?
>>
>> following this doc here after your assumption is not correct, or do I 
>> understand something wrong?
>>
>> If you reinstall, the reinstalled system creates a new set of 
>> identification keys. Any clients who had connected to the system with 
>> any of the OpenSSH tools before the reinstall will see the following 
>> message:
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>> Someone could be eavesdropping on you right now (man-in-the-middle 
>> attack)!
>> It is also possible that the RSA host key has just been changed.
>>
> also if you read this
> 
> The first time you ssh to a remote machine, you will see a message 
> similar to the following:
> The authenticity of host 'penguin.example.net' can't be established.
> DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
> Are you sure you want to continue connecting (yes/no)?
> 
> Type yes to continue. This will add the server to your list of known 
> hosts (~/.ssh/known_hosts) as seen in the following message:
> Warning: Permanently added 'penguin.example.net' (RSA) to the list of 
> known hosts
> 
> 
> none of this happens on this server or on the mswin pc
> 
This is client behavior of the ssh Fedora client. Neither amanda nor putty need 
to do this behavior to use the ssh2 protocol. I think putty does store the host 
key, but I haven't used it in some time.

> Roland
> 


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
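
The three outcomes quoted in this thread (first-contact prompt, silent match, changed-key warning) all come from a lookup against the client's stored host keys. The sketch below is an added example, not part of the original message and not OpenSSH's own code; it reproduces that decision for an OpenSSH-format known_hosts file. The function names and sample keys are constructed, and wildcard patterns and @-marker lines are not handled.

```python
import base64, hashlib, hmac

def fingerprint_md5(key_b64):
    """Colon-separated MD5 fingerprint, the format shown in the prompt quoted above."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def host_matches(hosts_field, host):
    """Match a plain comma-separated host list or a hashed '|1|salt|hash' entry."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in hosts_field.split(",")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' (warn loudly) or 'unknown' (first-contact prompt)."""
    stored_other_key = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        hosts_field, stored_type, stored_key = fields[:3]
        if stored_type != key_type or not host_matches(hosts_field, host):
            continue
        if stored_key == key_b64:
            return "match"
        stored_other_key = True  # host is known, but with a different key
    return "changed" if stored_other_key else "unknown"

# Constructed sample data: placeholder bytes, not real host keys.
OLD_KEY = base64.b64encode(b"constructed key before reinstall").decode()
NEW_KEY = base64.b64encode(b"constructed key after reinstall").decode()
KNOWN_HOSTS = ("# constructed sample file\n"
               "penguin.example.net,192.0.2.10 ssh-rsa " + OLD_KEY + "\n")

if __name__ == "__main__":
    for host, key in [("penguin.example.net", OLD_KEY),
                      ("penguin.example.net", NEW_KEY),
                      ("other.example.net", NEW_KEY)]:
        print(host, fingerprint_md5(key),
              check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A client that has no stored entry for a host can only ever reach the "unknown" branch, so it has nothing to compare a regenerated key against.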



