[linux] [vyriesene] ssh - kontrola fingerprintov per port

[Tomas Zatko]

ssh -p9876 -oUserKnownHostsFile=~/.ssh/h-redir woody na h-redir
(takto vlastne ani netreba tie zaznamy v /etc/hosts)

.t..

Tomas Zatko wrote:

> zdravim
>
> na jednej ip na viacerych portoch pocuvaju rozne sshd (teda kazdy ma 
> iny fingerprint).
> problem:
>
> rm ~/.ssh/known_hosts
> ssh -p2222 1.2.3.4
> The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
> RSA key fingerprint is aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd:aa:bb:cc:dd.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
>
> (teraz keyauth)
> ..a sme dnu
>
> lenze:
>
> ssh -p2223 1.2.3.4
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> atd,atd
>
>
> skusal som to riesit tak, ze som do /etc/hosts pridal zaznamy
> fake-a 1.2.3.4
> fake-b 1.2.3.4
> fake-c 1.2.3.4
>
> a prihlasovat sa na
> ssh -p2222 fake-a
> (vpohode)
> ssh -p2223 fake-b
> (spyta sa ma ci sa mi paci fingerprint)
> Warning: the RSA host key for 'fake-b' differs from the key for the IP 
> address '1.2.3.4'
> Offending key for IP in /home/woody/.ssh/known_hosts:53
> Are you sure you want to continue connecting (yes/no)?
>
> poviem yes a ficim dalej.
>
> problem vsak je ze potrebujem uplne automaticke prihlasenie. bez zasahu.
>
>
> idealne by bolo checkovat (a ukladat do ~/.ssh/known_hosts) hostname, 
> ip aj port spolu s fingerprintom
> to vsak "od prirody" nejde a pred velkolepym prepisovanim ssh-cka by 
> som radsej nasiel nejaku prijemnejsiu cestu.
>
> riesil to uz niekto? a vyriesil? ;-)
>
> vopred vdaka za napady
> prajem prijemny den
> .t..
>
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Prehladavanie archivu: http://search.lists.linux.sk
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>