[linux] ssh - per-port fingerprint checking

Tomas Zatko woody_tz at zoznam.sk
Fri Nov 18 05:51:16 CET 2005


Hello,

on one IP, different sshd instances listen on several ports (so each one has a
different fingerprint).
The problem:

rm ~/.ssh/known_hosts
ssh -p2222 1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.

(now key auth)
...and we're in

However:

ssh -p2223 1.2.3.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
etc., etc.


I tried to solve it by adding these entries to /etc/hosts:
fake-a 1.2.3.4
fake-b 1.2.3.4
fake-c 1.2.3.4

and logging in to
ssh -p2222 fake-a
(fine)
ssh -p2223 fake-b
(it asks me whether I like the fingerprint)
Warning: the RSA host key for 'fake-b' differs from the key for the IP 
address '1.2.3.4'
Offending key for IP in /home/woody/.ssh/known_hosts:53
Are you sure you want to continue connecting (yes/no)?

I say yes and carry on.

The problem, however, is that I need a fully automatic login, with no intervention.


Ideally, the hostname, IP and port would all be checked (and stored in
~/.ssh/known_hosts) together with the fingerprint.
That, however, does not work "by nature", and before some grandiose rewriting of
ssh I would rather find a more pleasant way.

Has anyone already dealt with this? And solved it? ;-)

Thanks in advance for any ideas.
Have a nice day
.t..
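
An added example, not part of the original post: one client-side way to keep a separate, strictly checked host key per sshd on the same address, using OpenSSH's `HostKeyAlias` and `CheckHostIP` options. The aliases, address and ports are the ones from the post; the `HostKeyAlias` labels are constructed for illustration.

```sshconfig
# ~/.ssh/config (added example; not the poster's configuration)

Host fake-a
    HostName 1.2.3.4
    Port 2222
    # The key is stored in and looked up from known_hosts under this
    # label instead of the hostname (label is constructed).
    HostKeyAlias sshd-1.2.3.4-2222

Host fake-b
    HostName 1.2.3.4
    Port 2223
    HostKeyAlias sshd-1.2.3.4-2223

Host fake-a fake-b
    # Skip the additional per-IP known_hosts entry. That entry is what
    # produced "differs from the key for the IP address" above, because
    # one IP cannot match two different daemon keys.
    CheckHostIP no
    # Unattended use: fail on an unknown or changed key, never prompt.
    StrictHostKeyChecking yes
    BatchMode yes
```

With `StrictHostKeyChecking yes` each daemon's key has to be in `~/.ssh/known_hosts` under its alias beforehand, for example by connecting once with `ssh -o StrictHostKeyChecking=ask fake-b` and comparing the fingerprint against one obtained from the server itself. Host key verification stays on for every port; only the IP-based cross-check is dropped.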



