savannah-hackers

Re: [savannah-help-public] Fwd: git.sv.gnu.org ssh host key


From: Bob Proulx
Subject: Re: [savannah-help-public] Fwd: git.sv.gnu.org ssh host key
Date: Tue, 14 Feb 2017 12:16:19 -0700
User-agent: NeoMutt/20170113 (1.7.2)

ayleph wrote:
> I have the following entry from my known_hosts file, and I connected as
> recently as January 16th with no warning message.
> 
> git.sv.gnu.org,208.118.235.72 ssh-rsa 
> AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=

I know you have, but for others reading this I would recommend that
they do migrate their known host keys to the newer ed25519 host key.
At some point we are going to need to generate a longer host key and
change the existing one.

> I see that if I attempt to ssh into git.sv.gnu.org and manually specify
> the host key algorithm to be ssh-rsa such as `ssh -v git.sv.gnu.org
> -oHostKeyAlgorithms=ssh-rsa`, then I receive a message that the RSA host
> key matches the one stored in my known_hosts file. My ssh client
> configuration file specifies ssh-ed25519 before ssh-rsa, so perhaps this
> is why it complains about the key changing even though I have a matching
> key in my known_hosts file. I will modify my known_hosts file and accept
> the ed25519 key now that I have confirmed it matches the value in the
> referenced email thread.

If you were to remove the ",208.118.235.72" part, and set
CheckHostIP=no then ssh would verify the host key using the above
stored key.  I think having the IP address and CheckHostIP=yes is
causing ssh to ignore that line and ignore the previous stored host
key for that host.

I disagree with the strategy of doing IP address verification because IP
addresses are not a secure feature.  Not only can they be spoofed but
they might need to validly change.  Best not to pin the IP address.
Verifying the host key is the only thing that makes sense to me.

I think the only reason ssh does IP address TOFU by default is that
ssh replaced rsh & rlogin from the Berkeley 'r' command suite and those
used IP addresses as the *only* security measure, therefore ssh did it
to follow.

Bob
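
An added example, not part of the original message: a small audit of known_hosts text that lists entries pinning an IP address next to a hostname and hosts that only have an ssh-rsa key stored, which are the two cases discussed in this thread. The hostnames, addresses and key bytes in the sample are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import ipaddress

# Constructed sample: names, RFC 5737 address and key bytes are made up.
_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"\x01" * 40).decode()
SAMPLE = "\n".join([
    f"git.example.org,192.0.2.10 ssh-rsa {_BLOB}",
    f"build.example.org ssh-rsa {_BLOB}",
    f"build.example.org ssh-ed25519 {_BLOB}",
    f"|1|c2FsdA==|aGFzaA== ssh-rsa {_BLOB}",
])

def _is_ip(name):
    # known_hosts writes non-default ports as [host]:port
    host = name[1:].split("]")[0] if name.startswith("[") else name
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def fingerprint(b64_key):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Return (ip_pinned, rsa_only, hashed_count) for known_hosts text."""
    key_types, ip_pinned, hashed = {}, [], 0
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):    # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        if fields[0].startswith("|1|"):  # hashed names cannot be inspected
            hashed += 1
            continue
        names = fields[0].split(",")
        hosts = [n for n in names if not _is_ip(n)]
        if hosts and len(hosts) < len(names):
            ip_pinned.append((hosts[0], fields[1], fingerprint(fields[2])))
        for h in hosts:
            key_types.setdefault(h, set()).add(fields[1])
    rsa_only = sorted(h for h, t in key_types.items() if t == {"ssh-rsa"})
    return ip_pinned, rsa_only, hashed
```

The fingerprint returned for each IP-pinned entry can be compared against a fingerprint published by the server operator before the entry is edited or replaced.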


