Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: how to automate public key authentication when server dual-boots tw

from [Mailing List] Network Security [Permanent Link]
Subject: Re: how to automate public key authentication when server dual-boots two linuxes
Date: Thu, 08 Jun 2006 15:42:34 +0200 
Hi John,

you have to overwrite both the public key and the private key. In fact,
the first time you connect to a ssh enabled server, this server sends its
own fingerprint calculate from the public key, if you accept it, this server
with this key will be trust by you. In this way, if the key change, it should
mean someone get the ip and try to get your password, or someone modify your
server. In your case, it is only you who have generated two different sets of
keys for the same IP. The simplest way to do, is to put in place the same key
pair, as you suggested. Then, you know (ie you trust) your two linux install ...
The file containings the trust servers is ~/.ssh/known_hosts, you can also
delete the entry of the server in this file to allow to connect to both
server, but each time you reboot, you have to delete the entr, then to say
again yes the first time you reconnect.

I hope it is clear (not evident :) )

Best regards

Denis Sacchet

John Lumby said the following on 07.06.2006 18:03: 
I have a hopefully simple question on setup for sshd.

I recently switched my server from rshd to sshd and it works fine. I am using public key authentication.

However the wrinkle is that this server has two different linux partitions which I need to alternate between (strictly only one at a time, not a virtual machine setup). With rshd they both appeared to be identical as far as rsh authentication. With sshd, when I booted the second one, and then tried an ssh to it from another machine, of course I got

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
 ... rsa fingerprint ...   etc etc.

I realize that this is exactly what sshd is designed to do, to detact impersonation of the server, but unfortunately that's exactly what I need to do (but of course don't want any other impersonator to be recognized).

I could try just overwriting the second server partition's
/usr/local/etc/ssh_host_rsa_key.pub
with the first one - but is that the right way? Would that cause other problems? Hoping someone else has come across this and there is some recognized solution to this.

John



[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using RSA key _and_ password, Robert Hajime Lanning
Next by Date:  Re: Port Forwarding - Firewall Traversal, Scott Baker
Previous by Thread:  Re: how to automate public key authentication when server dual-boots two linuxes, Robert Hajime Lanning
Next by Thread:  Problem with Openssh 3.9p1, Solaris 8 and expired passwords for user names greater than 8 chars, colum . scriven
Indexes:  [Date] [Thread] [Top] [All Lists]