
8.5 SSH-Key Changes (added 19 October 2005)

Question:
From Nathan Hellwig, 12 Nov 2004 14:06:51

SSH keys change periodically for the machines (rainbow, eldorado, etc.). This means that when I try to ssh onto one of the TCC machines, and the SSH key has changed, I have to delete its entry in my .ssh/known_hosts file and retry. The only issue here is that repeatedly having to change the SSH key removes the security behind having a known SSH key. How do I know the difference between an upgraded machine whose SSH key really changed and a third party intercepting the transmission? Perhaps something could be done to prevent such periodic changing of the SSH keys.

Answer:
From Michael Martinez, 12 Nov 2004 16:58:48

We will notify the UCs whenever we change a host key and update the motd, and this will suffice to let users know the change is deliberate.
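The check the question asks for, as an added example that is not part of the original FAQ or the TCC's own tooling: before deleting a known_hosts entry, compare the fingerprint of the key the server now offers against one received out of band. It assumes the change notice carries the new key's SHA256 fingerprint, which the answer above does not state; the function names are hypothetical and the keys are constructed sample data.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def stored_keys(known_hosts_text, host, keytype):
    """Keys recorded for host in known_hosts text (plain, unhashed entries only)."""
    keys = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed hostnames are skipped
        if host in fields[0].split(",") and fields[1] == keytype:
            keys.append(fields[2])
    return keys

def classify(known_hosts_text, host, keytype, offered_b64, announced_fp=None):
    """Decide what an offered host key means before touching known_hosts."""
    keys = stored_keys(known_hosts_text, host, keytype)
    if not keys:
        return "new-host"
    if offered_b64 in keys:
        return "known"
    if announced_fp and hmac.compare_digest(fingerprint(offered_b64), announced_fp):
        return "announced-change"   # matches the fingerprint received out of band
    return "unverified-change"      # keep the old entry and ask the admins

def make_key(seed):
    """Constructed sample data: an ssh-ed25519-shaped blob, not a real host key."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

OLD_KEY, NEW_KEY, ROGUE_KEY = make_key(b"old"), make_key(b"new"), make_key(b"rogue")
KNOWN_HOSTS = (f"# constructed sample\nrainbow ssh-ed25519 {OLD_KEY}\n"
               f"eldorado ssh-ed25519 {make_key(b'eldorado')}\n")
ANNOUNCED = fingerprint(NEW_KEY)  # assumption: supplied with the change notice

if __name__ == "__main__":
    for label, key in [("old", OLD_KEY), ("new", NEW_KEY), ("rogue", ROGUE_KEY)]:
        print(label, classify(KNOWN_HOSTS, "rainbow", "ssh-ed25519", key, ANNOUNCED))
```

Only an "announced-change" result justifies replacing the stored entry; a changed key with no matching announced fingerprint is indistinguishable from interception.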

