Re: Hostkeys for Interfaces?

Subject: Re: Hostkeys for Interfaces?
Date: Wed, 9 Feb 2005 16:18:25 +0200 (IST)
On Mon, 7 Feb 2005, Martin Schröder wrote:
> we have a central CVS server (cvs) which is accessed by ssh. Now
> if the CVS repository is moved to a different machine (e.g.
> because the original machine is broken) the new CVS server has a
> different hostkey (since it's a different machine), which causes
> all clients to update their key for "cvs", which is a lot of
> trouble.
>
> PHB suggests to use the same hostkey on all possible cvs servers. :-{
>
> One possible solution I can think of is to run a separate sshd
> just for cvs with a hostkey shared between all cvs servers.
>
> But it would be even nicer if one could use a different hostkey
> for different interfaces, since the cvs server will always run
> on a special ip address. Is this possible now or is such a patch
> likely?

Frankly, I'm not sure I understand the problem, so just several
ideas about it:

AFAIK the hostkey is coupled with the name the client uses for ssh, e.g.,
`ssh 127.0.0.1' and `ssh localhost' introduce two different hostkeys.

I think it is quite reasonable that if several hosts make a cluster
(that is, the client should not be able to distinguish among them) then
they should share the hostkey (and hostname).

It is easy to run several sshd on different interfaces or ports by
using in sshd_config:

Port some-port
ListenAddress ip-of-the-interface

-- 
Regards,
ASK
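
A sketch of the dedicated-instance approach discussed in this message, as an added example that is not part of the original post. The file paths, the address 192.0.2.10 and the key file name are assumptions chosen for illustration; only `Port` and `ListenAddress` come from the message itself.

```conf
# /etc/ssh/sshd_config_cvs
# (hypothetical path) Second sshd instance that serves only the "cvs" service.
#
# Assumption: 192.0.2.10 is the service address that the name "cvs" resolves
# to and that moves to whichever machine currently hosts the repository.
# The machine's primary sshd keeps its own address and its own host key.

# Bind only to the service address, so the shared key is never offered
# on the machine's own address.
ListenAddress 192.0.2.10
Port 22

# Host key that belongs to the service rather than to the machine.
# Generate it once, for example:
#   ssh-keygen -t ed25519 -N '' -f /etc/ssh/cvs_service_host_ed25519_key
# then install the same file on each standby machine over a trusted channel,
# owned by root with mode 0600.
HostKey /etc/ssh/cvs_service_host_ed25519_key

# Separate PID file so this instance does not collide with the primary sshd.
PidFile /var/run/sshd_cvs.pid

# The primary sshd should set ListenAddress to the machine's own address.
# Left at the default it listens on all local addresses, including the
# service address above.

# Check the file before starting the instance:
#   sshd -t -f /etc/ssh/sshd_config_cvs
# Start the instance:
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_cvs
```

Every machine holding a copy of the service key can answer as "cvs", so the key should exist only on the machines that are meant to take over the service, and it should be replaced if any of them is compromised.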