Secure Shell
Clusters, known_hosts, host keys, and "REMOTE HOST IDENTIFICATION HAS CHANGED" Sep 17 2009 11:53PM Steve Bonds (05gekfc02 sneakemail com) (2 replies)
RE: Clusters, known_hosts, host keys, and "REMOTE HOST IDENTIFICATION HAS CHANGED" Sep 18 2009 06:25PM Males, Jess (jmales cio sc gov) (1 replies)
Re: Clusters, known_hosts, host keys, and "REMOTE HOST IDENTIFICATION HAS CHANGED" Sep 18 2009 08:08PM Steve Bonds (05gekfc02 sneakemail com)
Re: Clusters, known_hosts, host keys, and "REMOTE HOST IDENTIFICATION HAS CHANGED" Sep 18 2009 05:08PM H. Kurth Bemis (kurth kurthbemis com) (2 replies)
Re: Clusters, known_hosts, host keys, and "REMOTE HOST IDENTIFICATION HAS CHANGED" Sep 18 2009 06:02PM Richard Conto (richard conto gmail com)
> Maybe the issue doesn't really involve modifying OpenSSH at all. If you
> have access to the hosts, wouldn't it be possible to
> pre-generate .known_hosts with all the host keys in your cluster? Then
> each client would have every key in its .known_hosts, so it wouldn't
> matter which host the client was connecting to.
>
> Then if one of the keys changes, you can generate a new .known_hosts.
> Users are still alerted if a key changes on its own.
I don't have access to all the clients-- but that's not necessarily a
show-stopper. My understanding of how ssh works (and this would be a
great chance to be educated to the contrary) is that it only allows
one host key per hostname or IP and if the first key it finds in the
known_hosts doesn't match, you get the MitM warning. If this is NOT
how it's supposed to work, I'll try my tests again-- maybe I mangled
the extra keys I put into known_hosts for testing...
> Whatever your final solution, please remember to share with the
> class. :]
Absolutely! I've been known to have the same problem twice, and it's
helpful to be able to go back and search for my solution from the last
time. To say nothing of helping out all the other people who end up
with the same problem. :-)
-- Steve
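Added example, not part of the original post: a sketch of the pre-generated known_hosts idea discussed above, with a simplified model of how an offered host key is checked against it. The sshd(8) manual states that several lines or different host keys for the same names are permissible (but not recommended). The host names and key blobs are constructed placeholders, and the model ignores hashed names, wildcards and marker lines.

```python
# Added example: known_hosts entries for one cluster alias served by several nodes.
# Host names and key blobs are constructed placeholders, not real keys.
NODE_KEYS = {
    "node1.example.com": ("ssh-rsa", "AAAAB3NzaC1yc2E-CONSTRUCTED-NODE1"),
    "node2.example.com": ("ssh-rsa", "AAAAB3NzaC1yc2E-CONSTRUCTED-NODE2"),
    "node3.example.com": ("ssh-rsa", "AAAAB3NzaC1yc2E-CONSTRUCTED-NODE3"),
}


def build_known_hosts(alias, node_keys):
    """Emit one line per node key, valid for both the alias and the node name."""
    return "".join(
        f"{alias},{node} {ktype} {blob}\n"
        for node, (ktype, blob) in sorted(node_keys.items())
    )


def entries(text):
    """Yield (names, keytype, blob) for plain, unhashed known_hosts lines."""
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blanks, comments, marker lines (@...) and malformed lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        yield fields[0].split(","), fields[1], fields[2]


def check(text, host, ktype, blob):
    """Simplified model of the client's decision for an offered host key."""
    same_type_seen = False
    for names, t, b in entries(text):
        if host in names and t == ktype:
            if b == blob:
                return "ok"          # some line for this name carries the key
            same_type_seen = True    # keep scanning: a later line may match
    # A key of this type is on file for the name but none matched: warn.
    return "changed" if same_type_seen else "unknown"


KNOWN_HOSTS = build_known_hosts("cluster.example.com", NODE_KEYS)

if __name__ == "__main__":
    print(KNOWN_HOSTS, end="")
    for node, (ktype, blob) in NODE_KEYS.items():
        print(node, check(KNOWN_HOSTS, "cluster.example.com", ktype, blob))
    print(check(KNOWN_HOSTS, "cluster.example.com", "ssh-rsa", "AAAA-CONSTRUCTED-OTHER"))
```

Because each line also lists the node's own name, a key that is valid for the alias is still rejected when offered under a different node's name.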