
Re: known_hosts(5) man page


Jim Rees

Oct 24, 2009, 8:41:48 PM
Given that the hosts are interchangeable from the client's point of view,
shouldn't they both have the same host key?
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Bob Proulx

Oct 25, 2009, 2:08:21 AM
Jim Rees wrote:
> Given that the hosts are interchangeable from the client's point of view,
> shouldn't they both have the same host key?

Let me second that. A pool of failover servers should have the same
host key. They aren't individual machines at that point. Like
mirrored disks they are logically mirrors of each other.

Bob

Dave Yost

Oct 25, 2009, 2:44:53 AM
At 12:08 AM -0600 2009-10-25, Bob Proulx wrote:
>Jim Rees wrote:
>> Given that the hosts are interchangeable from the client's point of view,
>> shouldn't they both have the same host key?
>
>Let me second that. A pool of failover servers should have the same
>host key. They aren't individual machines at that point. Like
>mirrored disks they are logically mirrors of each other.

Hard to say. These aren't really a failover or a load-balanced group. It's more like a server plus other machines that can be pressed into service to fill in for the server in a pinch, in addition to the other stuff they do.

Darren Tucker

Oct 25, 2009, 6:08:38 AM
Dave Yost wrote:
> At 12:08 AM -0600 2009-10-25, Bob Proulx wrote:
>> Jim Rees wrote:
>>> Given that the hosts are interchangeable from the client's point of view,
>>> shouldn't they both have the same host key?
>> Let me second that. A pool of failover servers should have the same
>> host key. They aren't individual machines at that point. Like
>> mirrored disks they are logically mirrors of each other.
>
> Hard to say. These aren't really a failover or a load-balanced group.
> It's more like a server plus other machines that can be pressed into
> service to fill in for the server in a pinch, in addition to the
> other stuff they do.

The main question is: are they under the same administrative control?
The host key protects you against MITM, but by definition the server's
administrator can already conduct a MITM (since the server has access to
the decrypted traffic and the admins have access to the host keys). If
the machines are run by the same admins then you're not giving up much
by using the same host keys.

The other option for clusters (not applicable in this case from your
description) is to have a "cluster package" that has an sshd bound to the
floating cluster address with its own host keys and have this sshd move
with the address.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Sergio Gelato

Oct 26, 2009, 12:38:24 PM
* Darren Tucker [2009-10-25 21:08:38 +1100]:

> Dave Yost wrote:
>> At 12:08 AM -0600 2009-10-25, Bob Proulx wrote:
>>> Jim Rees wrote:
>>>> Given that the hosts are interchangeable from the client's point of view,
>>>> shouldn't they both have the same host key?
>>> Let me second that. A pool of failover servers should have the same
>>> host key. They aren't individual machines at that point. Like
>>> mirrored disks they are logically mirrors of each other.
>>
>> Hard to say. These aren't really a failover or a load-balanced group.
>> It's more like a server plus other machines that can be pressed into
>> service to fill in for the server in a pinch, in addition to the
>> other stuff they do.
>
> The main question is: are they under the same administrative control?
> The host key protects you against MITM, but by definition the server's
> administrator can already conduct a MITM (since the server has access to
> the decrypted traffic and the admins have access to the host keys). If
> the machines are run by the same admins then you're not giving up much
> by using the same host keys.

If they are under the same administrative control but at different security
levels (say, physically accessible workstations vs. a server in a secure
room) sharing the host key may be riskier than you describe.

> The other option for clusters (not applicable in this case from your
> description) is to have a "cluster package" that has an sshd bound to the
> floating cluster address with its own host keys and have this sshd move
> with the address.

I see that with GSS key exchange (which unfortunately isn't a standard
part of OpenSSH yet, only a popular and widely-deployed patch) and a
DNS CNAME RR the GSSAPI library (MIT 1.6 in my test) resolves the CNAME
before it asks the KDC for a ticket. Then everything is fine, since the
RSA/DSA host keys are ignored and the server is authenticated by GSS instead.

(I suppose one could likewise make OpenSSH traverse CNAMEs before the
known_hosts lookup, but somehow I don't think you'll find the added
complexity worthwhile.)
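A defender-side inventory check for the situation this thread discusses, added here as an example and not code from the thread or from OpenSSH: it parses a constructed known_hosts file and reports which hostnames present the same host key, so an admin can see at a glance which machines (a server and the hosts that stand in for it, say) are indistinguishable to clients and should therefore sit at the same security level. The key blobs are placeholders built in the SSH wire shape, not real keys, and the fingerprint follows OpenSSH's SHA256-of-blob convention.

```python
import base64
import hashlib
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the primitive SSH key blobs are built from."""
    return len(data).to_bytes(4, "big") + data


def fake_key_blob(key_type: str, seed: bytes) -> str:
    """Constructed placeholder blob: correct wire shape, not a usable key."""
    return base64.b64encode(ssh_string(key_type.encode()) + ssh_string(seed)).decode()


# Constructed sample known_hosts (not from the thread): the server and two
# stand-ins share one key; a workstation has its own; a CA line is present.
SHARED = fake_key_blob("ssh-rsa", b"server-pool-placeholder")
CA_KEY = fake_key_blob("ssh-ed25519", b"ca-placeholder")
WS1_KEY = fake_key_blob("ssh-ed25519", b"ws1-placeholder")
SAMPLE_KNOWN_HOSTS = f"""\
# server and its two stand-ins share one key
server.example.org,10.0.0.5 ssh-rsa {SHARED}
standby1.example.org ssh-rsa {SHARED}
standby2.example.org ssh-rsa {SHARED}
@cert-authority *.lab.example.org ssh-ed25519 {CA_KEY}
ws1.example.org ssh-ed25519 {WS1_KEY}
"""


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the raw blob, base64, no padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (hostnames, key_type, fingerprint) for each host-key entry."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines:
        # those are not host keys and are expected to be shared.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        # A hashed entry (|1|salt|hash) stays one opaque name here.
        yield fields[0].split(","), fields[1], fingerprint(fields[2])


def hosts_sharing_keys(text: str) -> dict:
    """Map each fingerprint used by more than one hostname to those names."""
    by_fp = defaultdict(list)
    for hosts, _key_type, fp in parse_known_hosts(text):
        by_fp[fp].extend(hosts)
    return {fp: names for fp, names in by_fp.items() if len(names) > 1}
```

Run it against your own ~/.ssh/known_hosts by passing the file's contents to hosts_sharing_keys; every group it prints is a set of hosts that a client cannot tell apart by host key.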
