Mailinglist Archive: opensuse-bugs (5772 mails)

[Bug 632713] New: SSH default now obfuscate (crypt) hostname is .ssh/know_hosts missing tools
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 19 Aug 2010 08:14:14 +0000
  • Message-id: <bug-632713-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>

https://bugzilla.novell.com/show_bug.cgi?id=632713

https://bugzilla.novell.com/show_bug.cgi?id=632713#c0


Summary: SSH default now obfuscate (crypt) hostname is
.ssh/know_hosts missing tools
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: All
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: bruno@xxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8)
Gecko/20100723 SUSE/3.6.8-1.3 Firefox/3.6.8

In the default install, known_hosts is now obfuscated & encrypted.
A good thing for security.

But we fail to give the user the ability to erase a key for an existing host whose
key we are sure has changed (think about VMs etc.).

Before, the user could just edit his file and remove the line. Now he can't find
it in a human-readable way.

So we must have the type of utilities described here:
http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts

If we don't deliver them, every user will end up removing the security in
/etc/ssh/ssh_config.


Reproducible: Always

Steps to Reproduce:
1. Open an ssh session on a host you trust
2. Accept its public key
3. Reinstall this host with a new key
4. Try to open an ssh session; the public key has changed, you know and accept that
5. Try to retrieve the older key to remove it
6. There's no way to edit or find it

Actual Results:
You have to remove all keys, leading to a loss in security.

Expected Results:
Have scripts to be able, as a user, to manage the content of .ssh/known_hosts.
Have these scripts installed by default if the openssh rpm is installed.
