Re: Sharing the SSH server keys & other questions

From: Richard E. Silverman (res_at_qoxp.net)
Date: 06/26/04

  • Next message: Carlos N: "Re: OpenSSH for Windows - sshd logs" 
    Date: 26 Jun 2004 00:30:40 -0400

    > ... Am I missing the point?

    Yes. :) Your text is confused -- the "reverse" situation actually is
    true; you're just mis-stating it. Rather than try to unravel that, I'll
    just state the facts: the purpose of the host key is to allow an SSH
    client to identify an SSH server. Nothing more. It does not serve as
    access control for deciding which clients may log in; that's what user
    authentication is for. Besides, the host key is a public key -- revealing
    it does not disclose any sensitive information, and possessing it does not
    confer any privileges, so there's no point in concealing it. Quite the
    opposite: it should be as widely known as possible, so that clients may
    easily verify this server's identity. 

    -- 
  Richard Silverman
  res@qoxp.net
  • Next message: Carlos N: "Re: OpenSSH for Windows - sshd logs"

    Relevant Pages

    • [NEWS] SSH Protocol Weakness Vulnerability (MITM)
      ... A weakness in the backward compatibility of the SSH Protocol has been ... SSH version 1.0) is unlikely to have the host key for the other protocol ... The SSH daemons advertise one of two major versions, ...
      (Securiteam)
    • Re: Q: paramiko/SSH/ how to get a remote host_key
      ... SSH client, if you connect for the first time then you get somethign ... ''' The server's host key is not cached in the registry. ... host_key the first time it connects to a remote SSH server. ...
      (comp.lang.python)
    • incorrect "host key changed" for multi-sshd localhost
      ... I have several machines at my College that set up reverse ssh tunnels ... On idallen.com, the first time I connect to one of these localhost ports, ... ssh complains that the host key for "localhost" has changed and refuses ...
      (comp.security.ssh)
    • incorrect "host key changed" for multi-sshd localhost
      ... I have several machines at my College that set up reverse ssh tunnels ... On idallen.com, the first time I connect to one of these localhost ports, ... ssh complains that the host key for "localhost" has changed and refuses ...
      (comp.security.ssh)
    • [SLE] ssh problem
      ... The way I have to do it is to ssh into my firewall then ... ssh to my work computer. ... It is also possible that the RSA host key has just been changed. ...
      (SuSE)