Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] Antwort: [suse-security] SSH - changed finger print
  • From: "Klaus J. Mueller" <kjm@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 24 Sep 2003 14:57:36 +0200
  • Message-id: <3F7194C0.1020305@xxxxxxxxxxxxxxxxxxxxxxx>
Hi,


Joachim.Winter@xxxxxxxxxxxxxx schrieb:
> Perhaps the Putty-File is destroyed. You can find it in the putty-dir
> with the extension "REG". Try to restore this file and then to
> reconnect.

in this case you should definitely make sure, that the fingerprint is
o.k. - otherwise you might be running into a man-in-the-middle attack.
You should make sure, that you're using the same protocol (version 2,
DSA / RSA) as on the other machine.

If you're using a different method here, this might be the cause for the
difference. Try to force putty to use Version 2 and DSA on both windows
clients. They should present the same fingerprints then.

You can also compare the fingerprint to the one that is presented when
connecting from the ssh server to localhost (StrictHostKeyChecking in
ssh_config has to be set to "ask").

Don't just ignore this warning.


Regards, K.



> Hello list,
>
> today during login to server by ssh, I've noticed that fingerprint of
> my key server has changed.
> I comapred keys with previous backups - keys are the same.
>
> It is strange, different fingerprint warning I get when I use PuTTY on
> my W2k workstation. When I try to login from my SuSE workstation I
> didn't get any warning.
>
> I use SuSE 8.2 Pro and latest patches to OpenSSH I have installed.

--
Dipl.-Ing.(FH) Klaus J. Mueller
http://internet-sicherheit.net



< Previous Next >
References