Re: [SLUG] SSH Question

From: billt (billt@ifelse.org)
Date: Wed Aug 15 2001 - 05:24:17 EDT


On Wed, Aug 15, 2001 at 03:23:33AM -0400, Russell Hires wrote:

> I can't sleep, so I have a question: I'm wanting to make sure that the
> machine I'm logging into for the first time is the one I want. So, when I ssh
> me@remotebox, I'm presented with

funny, I can't sleep either. I have given up actually... the coffee is a-brewin'

>
> The authenticity of host 'painter (199.164.107.21)' can't be established.
> RSA1 key fingerprint is c4:07:c6:65:26:58:8c:2a:ea:f0:37:12:d1:8b:e2:88.
> Are you sure you want to continue connecting (yes/no)?
>
> I want to know how to get remotebox to show me the key fingerprint when I'm
> physically at the console for that computer. That way I can match the key
> fingerprint I'm presented at the very first ssh login with a key fingerprint
> I know to be authentic.

When you answer 'yes' to that question, ssh adds the information
about the key to a file called known_hosts or known_hosts2 (in
~/.ssh) depending on if you are connecting with ssh or ssh2
protocol. Next time you connect to that machine, ssh compares the
key information in that file against the key fingerprint the remote
host presents. If the keys or ip address differs, it warns you,
often with a nice melodramatic alert in all caps and bad ascii
art. For me, that is enough. But if you want to record by hand
the key fingerprints and be presented with them every time you
log in, then you could probably link ${HOME}/.ssh/known_hosts and
${HOME}/.ssh/known_hosts2 to /dev/null so when ssh tries to record
a new key, the key info is automatically discarded.

Probably not the easiest way to keep on top of the key information,
though.

> Any ideas?
>
> Russell
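
An added example, not part of the original message and not OpenSSH's own code: Python that does the comparison described above, computing the fingerprint of a key line taken from known_hosts or a host's .pub file and checking it against a fingerprint written down at the console. It assumes SSH2-format key lines (the RSA1 key in the question uses the older protocol 1 format); the function names and the sample key blob are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH2 public key blob."""
    return struct.pack(">I", len(data)) + data


def parse_key_line(line: str):
    """Return (key_type, blob) from a known_hosts or *.pub line (SSH2 format)."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob repeats the key type; a mismatch means the line is
            # corrupt or was edited by hand.
            if not blob.startswith(ssh_string(field.encode())):
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no SSH2 public key found in line")


def fingerprints(blob: bytes):
    """Return the MD5 colon-hex and SHA256 base64 fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha256


def matches_recorded(line: str, recorded: str) -> bool:
    """True if the key on `line` has the fingerprint written down at the console."""
    md5, sha256 = fingerprints(parse_key_line(line)[1])
    recorded = recorded.strip()
    if recorded.upper().startswith("SHA256:"):
        return recorded[7:].rstrip("=") == sha256[7:]
    recorded = recorded.lower()
    return (recorded[4:] if recorded.startswith("md5:") else recorded) == md5


# Constructed sample: a well-formed but made-up RSA blob, not a real host key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(128, 192))))
SAMPLE_LINE = "painter,199.164.107.21 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
```

On the remote machine's console, `ssh-keygen -l -f` run on the host's public key file prints the fingerprint to record.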


