
The order of resolving known hosts


Markus Friedl

Dec 28, 2000, 9:00:48 AM
the original behaviour allows a user to overwrite the hostkey
settings if the admin is clueless or lazy. however, not all admins
are clueless or lazy.

In <pgzg0jf...@sirppi.helsinki.fi> Atro Tossavainen <Atro.Tos...@iki.fi.invalid> writes:

>During the conversation on dsniff on Bugtraq, somebody pointed out that
>the users' own known_hosts files may not be exactly a reliable source of
>this information at all times. (This is talking about v1, obviously.)

>I remembered I'd seen a situation where I had changed the host key of
>a computer, then delivered the new key to all hosts in the centrally
>maintained /etc/ssh_known_hosts, but users would still come to complain
>about the error message.

>By default, SSH consults the user's own file first. Obviously this is
>not what I want, so I flipped the order. The relevant parts are in
>sshconnect.c, in v1.2.30 around line 1370, where it says

>  /* Check if the host key is present in the user's list of known hosts
>     or in the systemwide list. */
>  host_status = check_host_in_hostfile(original_real_uid,
>                                       options->user_hostfile,
>                                       host, host_key.bits,
>                                       &host_key.e, &host_key.n);
>  if (host_status == HOST_NEW)
>    host_status = check_host_in_hostfile(original_real_uid,
>                                         options->system_hostfile, host,
>                                         host_key.bits, &host_key.e,
>                                         &host_key.n);

>The obvious fix is to check system_hostfile first, user_hostfile later.

>I'd appreciate any feedback on why this would not be a good idea, and
>maybe even why this was the original design decision.

>--
>Atro Tossavainen (Mr.) / The Institute of Biotechnology at
>Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
>+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
>< URL : http : / / www . iki . fi / atro . tossavainen / >

phil-new...@ipal.net

Dec 28, 2000, 4:28:44 PM
On 28 Dec 2000 14:00:48 GMT Markus Friedl <msfr...@cip.informatik.uni-erlangen.de> wrote:

| the original behaviour allows a user to overwrite the hostkey
| settings if the admin is clueless or lazy. however, not all admins
| are clueless or lazy.

True. Perhaps a better logic would be to have both files checked, and if
either one works accept it? I can see a risk in even that, so the logic
would probably still need to be configurable.

--
-----------------------------------------------------------------
| Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ |
| phil-...@ipal.net | Texas, USA | http://phil.ipal.org/ |
-----------------------------------------------------------------
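
An added example, not part of any post in this thread and not SSH source code: a minimal C model of the three lookup policies discussed above (user file first, system file first, accept if either file matches), run against a constructed case where the admin has rotated a host key and a user's file still holds the old one. The names `check_host`, `ordered`, `either`, the `HostFile` type, the host `db1` and the key strings are hypothetical; only the status names and the fall-through on `HOST_NEW` are modelled on the quoted snippet.

```c
#include <stdio.h>
#include <string.h>

/* Status names modelled on the quoted snippet; everything else is hypothetical. */
typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus;
typedef struct { const char *host, *key; } Entry;
typedef struct { const Entry *e; size_t n; } HostFile;

/* Constructed sample data: the admin rotated db1's key, the user's file is stale. */
static const Entry sys_entries[]  = { { "db1", "KEY-NEW" } };
static const Entry user_entries[] = { { "db1", "KEY-OLD" } };
static const HostFile system_hostfile = { sys_entries, 1 };
static const HostFile user_hostfile   = { user_entries, 1 };

/* Simplified stand-in for check_host_in_hostfile(); keys are opaque strings. */
static HostStatus check_host(HostFile f, const char *host, const char *key)
{
    HostStatus st = HOST_NEW;
    for (size_t i = 0; i < f.n; i++) {
        if (strcmp(f.e[i].host, host) != 0) continue;
        if (strcmp(f.e[i].key, key) == 0) return HOST_OK;
        st = HOST_CHANGED;          /* host is listed, but with a different key */
    }
    return st;
}

/* Quoted logic: the second file is consulted only if the first has no entry. */
static HostStatus ordered(HostFile first, HostFile second, const char *host, const char *key)
{
    HostStatus st = check_host(first, host, key);
    return st == HOST_NEW ? check_host(second, host, key) : st;
}

/* "Accept if either one works": a match in one file outweighs a mismatch in the other. */
static HostStatus either(HostFile a, HostFile b, const char *host, const char *key)
{
    HostStatus x = check_host(a, host, key), y = check_host(b, host, key);
    if (x == HOST_OK || y == HOST_OK) return HOST_OK;
    return (x == HOST_CHANGED || y == HOST_CHANGED) ? HOST_CHANGED : HOST_NEW;
}

int main(void)
{
    static const char *name[] = { "OK", "NEW", "CHANGED" };
    const char *keys[] = { "KEY-NEW", "KEY-OLD" };  /* key the server presents */
    for (int i = 0; i < 2; i++)
        printf("%s: user-first=%s system-first=%s either=%s\n", keys[i],
               name[ordered(user_hostfile, system_hostfile, "db1", keys[i])],
               name[ordered(system_hostfile, user_hostfile, "db1", keys[i])],
               name[either(user_hostfile, system_hostfile, "db1", keys[i])]);
    return 0;
}
```

With the stale user entry, user-first reports CHANGED for the admin's current key and OK for the old one; system-first reverses both, and the either-match policy accepts both keys.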
