[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ssh - no spoofing check

Subject: [ale] ssh - no spoofing check
From: jimpop at yahoo.com (Jim Popovitch)
Date: Sat Oct 23 19:24:36 2004
In-reply-to: <[email protected]>
References: <[email protected]>

I believe the man-in-middle message is derived from accessing a server
that has a different server key cached in ~/.ssh/known_hosts.  You
should be able access the same box by multiple names/IPs without getting
that notice.  I suspect that you are reusing a host name from one box on
anther box and that your known_hosts file still has an entry from old
host.

-Jim P.

On Sat, 2004-10-23 at 16:44 -0400, David Corbin wrote:
> If I ever reference a host on a ssh command by an alternate name, it "fails" 
> with a message warning about the possibility of a man in the middle attack.  
> Is there any way to tell ssh to not pester me about this, or to list several 
> hostnames for the same RSA key?
> 
> david
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

Follow-Ups:
- [ale] ssh - no spoofing check
  - From: dcorbin at machturtle.com (David Corbin)
- [ale] ssh - no spoofing check
  - From: bob at verysecurelinux.com (Bob Toxen)

References:
- [ale] ssh - no spoofing check
  - From: dcorbin at machturtle.com (David Corbin)

Prev by Date: [ale] ssh - no spoofing check
Next by Date: [ale] Stumped by Slashdot and network problems
Previous by thread: [ale] ssh - no spoofing check
Next by thread: [ale] ssh - no spoofing check
Index(es):
- Date
- Thread