[linux] ssh - checking fingerprints per port
Tomas Zatko
woody_tz at zoznam.sk
Fri Nov 18 05:51:16 CET 2005
Hello,
on a single IP, several different sshd instances listen on different ports (so each one has a different
fingerprint).
The problem:
rm ~/.ssh/known_hosts
ssh -p2222 1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
(now key auth)
...and we're in
but then:
ssh -p2223 1.2.3.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
etc., etc.
I tried to solve it by adding these entries to /etc/hosts:
1.2.3.4 fake-a
1.2.3.4 fake-b
1.2.3.4 fake-c
and logging in with
ssh -p2222 fake-a
(fine)
ssh -p2223 fake-b
(it asks me whether I like the fingerprint)
Warning: the RSA host key for 'fake-b' differs from the key for the IP
address '1.2.3.4'
Offending key for IP in /home/woody/.ssh/known_hosts:53
Are you sure you want to continue connecting (yes/no)?
I say yes and carry on.
The problem, however, is that I need a fully automatic login, without any intervention.
Ideally it would check (and store in ~/.ssh/known_hosts) the hostname, IP
and port together with the fingerprint.
That, however, doesn't work "out of the box", and before some grandiose rewriting of ssh I would
rather find a more pleasant way.
Has anyone dealt with this already? And solved it? ;-)
Thanks in advance for any ideas.
Have a nice day.
.t..
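
One way to get a separate known_hosts entry per port using stock OpenSSH client options, as an added example that is not part of the original post. It assumes the aliases and ports used in the message and a per-user ~/.ssh/config:

```sshconfig
# ~/.ssh/config  (added example; aliases and ports are the ones from the post)
# HostKeyAlias makes ssh look up and store the host key under the alias
# instead of under the address, so each sshd gets its own known_hosts entry.
# CheckHostIP no turns off the additional per-IP lookup that produced the
# "differs from the key for the IP address" prompt.
Host fake-a
    HostName 1.2.3.4
    Port 2222
    HostKeyAlias fake-a
    CheckHostIP no

Host fake-b
    HostName 1.2.3.4
    Port 2223
    HostKeyAlias fake-b
    CheckHostIP no

# For unattended runs: never prompt, and refuse any key that is not already
# recorded, so an unexpected key change fails the job instead of being accepted.
Host fake-a fake-b
    BatchMode yes
    StrictHostKeyChecking yes
```

Record each key once with `ssh -o BatchMode=no -o StrictHostKeyChecking=ask fake-a`, comparing the fingerprint against the server's own, before relying on the unattended settings; the /etc/hosts entries are then unnecessary. Later OpenSSH releases also store non-default ports as `[host]:port` in known_hosts, which avoids the collision without aliases.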