help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing IP and Hostname...


From: Christian Pearce
Subject: Re: Changing IP and Hostname...
Date: Wed, 28 Apr 2004 12:02:09 -0400

I understand that.  But if someone sits between you and the host
couldn't they do something to the public key and create a man in the
middle attack.  You trust the wire to do the right thing.  If I do it
myself then I can trust it more.

Having that in mind, the documentation for Cfengine talks about coping
the public key manually.  You can get around this if you add the IP to
TrustKeysFrom in cfservd.conf. Which implies you don't trust the key
getting copied from the server automatically.

I personally trust, but I was wondering how much of a good thing it is
and I wanted to get a cross section of who does what.


On Wed, 2004-04-28 at 11:52, address@hidden wrote:
>  > From: [i think] Christian Pearce 
>  > > > How many people trust the public keys to be transfered across there
>  > > > networks?  For that matter do you trust you public host key for SSH. I
>  > > > guess this is more of a security question.  I have a good level of tru
>  > st
>  > > > for my network and I am usually the first one to run the cfagent.  Plu
>  > s
>  > > > I only allow the IP I want on to contact cfengine.  I don't blanket
>  > > > allow a class C.
> 
>  > On Wed, 2004-04-28 at 07:47, address@hidden wrote:
>  > > Why would you care about a public key? If you trust ssh, then you
>  > > should trust cfengine.
> 
>  > From: Christian Pearce
>  > I don't but you are suppose to copy the public key into place so you can
>  > verify the original.  Is this not correct?  [...]
> 
> I don't think this is correct.  Or, rather, it happens automagically:
> when you ssh to new system, you accept it's public key, and ssh
> puts the key in known_hosts.  And thus you don't have to (manually)
> verify the public key.
> 
>  > I get the feeling that most
>  > people just trust the public key coming from the server is correct and
>  > therefore safe.  I was just curious how many people are paranoid.
> 
> As I understand it, you have to trust local notion of the remote
> public key just once.  After that, if they differ then software
> should refuse to trust the remote system.  Change the local notion
> of a public key for a remote system (edit known_hosts) and ssh will
> complain very loudly:
> 
>  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>  @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> 
> steve
> - - -
-- 
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com






reply via email to

[Prev in Thread] Current Thread [Next in Thread]