Re: ssh login problem

From: Tim Schofield (tim@foxtree.co.uk)
Date: 12/09/02


From: Tim Schofield <tim@foxtree.co.uk>
Date: Mon, 9 Dec 2002 21:33:34 +0000

In article <3deb40cd$1_2@news.vo.lu>, Georges Heinesch <void@geohei.lu>
writes
>Nico Kadel-Garcia wrote:
>> "Georges Heinesch" <void@geohei.lu> wrote in message
>> news:3de9cd6b$1_2@news.vo.lu...
>>> Two questions regarding OpenSSH (Win32)
>>>
>>> 1. first connection attempt asks to continue
>>> --------------------------------------------
>>> D:\Program Files\NetworkSimplicity\ssh>ssh testaccount@gh.org
>>> The authenticity of host 'gh.org (115.116.2.2)' can't be established.
>>> RSA key fingerprint is a9:...
>>> Are you sure you want to continue connecting (yes/no)? no
>>> Host key verification failed.
>>>
>>> If I reply to the question with "yes", I get a connection and
>>> everything works fine. Is it normal that this query shows up the
>>> first
>>
>> Yup. This is your machine reviewing the public host key of the remote
>> machine, seeing whether it matches the currently known public host
>> keys, and deciding if you believe it. If the machine changes on the
>> other end, such as somebody trying to spoof the hostname, you should
>> see this complain bitterly about keys that don't match. Or if someone
>> installs the SSH server without preserving the keys, you'll also see
>> a complaint at this stage.
>
>I guess the idea here is to confirm that the fingerprint is correct.
>However how shall I verify that the fingerprint is in fact correct?

Ideally, you'd compare the fingerprint displayed with a printout from
the remote machine or similar trusted source.

Most people don't do that, I guess... they just trust it the first time.
However, that's a fairly narrow window for attack. If an attacker
subsequently tries to spoof the server, the message will re-appear,
causing suspicion.

[snip second part]

-- 
Tim S.
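One way to do the comparison Tim describes, as an added example (not from this thread or from OpenSSH): recompute the fingerprint from a public key line obtained over a trusted channel (the server's ssh_host_rsa_key.pub or a known_hosts entry) and check it against what the client printed. It produces both the colon-separated MD5 form shown in the quoted session and the SHA256 form newer clients print; the demo key is constructed for the example and is not a real host key.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    # RFC 4251 string: 4-byte big-endian length prefix, then the bytes.
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    # RFC 4251 mpint: big-endian magnitude, with a leading 0x00 if the top bit is set.
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def rsa_public_blob(e: int, n: int) -> bytes:
    # Wire form of an ssh-rsa public key: string "ssh-rsa", mpint e, mpint n.
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def fingerprint_md5(blob: bytes) -> str:
    # Colon-separated MD5 hex, the form the client in the thread prints (a9:...).
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def fingerprint_sha256(blob: bytes) -> str:
    # "SHA256:" plus unpadded base64 of the digest, as newer OpenSSH prints.
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_pubkey_line(line: str) -> bytes:
    # Accepts "type blob [comment]" (a *.pub file) or "host type blob [comment]" (known_hosts).
    fields = line.split()
    idx = next(i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-")))
    return base64.b64decode(fields[idx + 1])

def fingerprints_match(shown: str, trusted_pub_line: str) -> bool:
    # Compare the fingerprint the client displayed with one recomputed from a key
    # obtained over a trusted channel (e.g. read off the server console).
    blob = parse_pubkey_line(trusted_pub_line)
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        return shown == fingerprint_sha256(blob)
    if shown.lower().startswith("md5:"):
        shown = shown[4:]
    return shown.lower() == fingerprint_md5(blob)

# Constructed demo key (assumption: not a real host key; the modulus is far too small).
DEMO_E, DEMO_N = 65537, 0xC0FFEE1234567890ABCDEF
DEMO_PUB_LINE = "ssh-rsa " + base64.b64encode(rsa_public_blob(DEMO_E, DEMO_N)).decode() + " demo"
```

On the server itself, `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints the same fingerprint (current OpenSSH needs `-E md5` to show the colon form), which is the "printout from the remote machine" to compare against.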
