Re: Handling SSH yes/no message
From: Nigel Johnson (nigel5_at_dr-deviant.net)
Date: 02/28/04
Date: Sat, 28 Feb 2004 13:59:55 -0000
Richard is right about you changing host keys each rebuild... when someone
knows your host as a certain thing... rebuilding should not alter its
identity. Any time a host key changes, you should want to know why.
However, since you are going through the mammoth task of rebuilding a new
server each time, you could just delete your known_hosts every rebuild?
Nigel.
"Richard E. Silverman" <res@qoxp.net> wrote in message
news:m2brnowbg6.fsf@darwin.oankali.net...
> >>>>> "RP" == Ravi Parimi <parimi@none.nowhere.com> writes:
>
> RP> MITM won't be an issue for me because the whole setup is within an
> RP> internal network.
>
> ... which will of course never be hacked. Famous last words. :)
> Seriously, I understand there are tradeoffs, but I wouldn't be too
> complacent about this. Security holes people frequently allow for
> convenience are exactly those for which crackers spend effort developing
> convenient exploits.
>
> >> Better, of course, would be to tune your rebuild process to
> >> preserve the host keys...
>
> RP> Unfortunately, I don't have control over restoring the host keys
> RP> for each build.
>
> I don't know what these machines are used for, of course, but if they have
> a sizeable non-security-conscious user community, constantly changing host
> keys simply teaches them to completely disregard important security
> warnings.
>
> --
> Richard Silverman
> res@qoxp.net
>
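
Added example, not part of the original messages: a narrower variant of clearing known_hosts after a rebuild, which removes only the rebuilt host's entries (plain or hashed) and pins the new key only if it matches a fingerprint obtained out of band. The host names, key blobs and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or "|1|salt|mac" hashed form)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # exact names only; wildcard patterns are not expanded

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: base64 of the digest, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def replace_host_key(lines, host, new_key_line, expected_fp):
    """Drop only `host`'s entries, then pin the new key if it matches the trusted fingerprint."""
    keytype, key_b64 = new_key_line.split()[:2]
    if fingerprint(key_b64) != expected_fp:
        raise ValueError(f"new key for {host} does not match the expected fingerprint")
    kept = []
    for line in lines:
        fields = line.split()
        is_entry = bool(fields) and not line.startswith(("#", "@"))  # skip comments and @markers
        if is_entry and host_matches(fields[0], host):
            continue  # stale key of the rebuilt host
        kept.append(line)
    return kept + [f"{host} {keytype} {key_b64}"]

def demo():
    # Constructed sample data: these blobs are placeholders, not real SSH keys.
    old, new, other = (base64.b64encode(s).decode() for s in (b"old-key", b"new-key", b"other-key"))
    salt = base64.b64encode(b"constructed-salt-20b").decode()
    mac = base64.b64encode(hmac.new(b"constructed-salt-20b", b"build01", hashlib.sha1).digest()).decode()
    known_hosts = [
        f"build01,10.0.0.5 ssh-ed25519 {old}",  # plain entry for the rebuilt host
        f"|1|{salt}|{mac} ssh-rsa {old}",         # hashed entry for the same host
        f"fileserver ssh-ed25519 {other}",       # unrelated host, must survive
    ]
    trusted_fp = fingerprint(new)  # assumption: obtained from the build system, not over SSH
    return replace_host_key(known_hosts, "build01", f"ssh-ed25519 {new}", trusted_fp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Entries for every other host keep their pinned keys, so a changed key on one of them still produces a warning.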