Bug 1090462
Summary: | There is no SSH fingerprint key warning, while installing agent on remote box via GUI | ||
---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Jeeva Kandasamy <jkandasa> |
Component: | Core UI | Assignee: | John Mazzitelli <mazz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.11 | CC: | hrupp |
Target Milestone: | GA | ||
Target Release: | RHQ 4.11 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-07-21 10:14:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1070242 |
Description
Jeeva Kandasamy
2014-04-23 11:37:46 UTC
We turn off StrictHostKeyChecking - so it doesn't perform the additional check that you are referring to. Is this a requirement in the PRD? I didn't see this explicitly spelled out, so did not think this was a hard requirement to implement. If this isn't a hard requirement, we can close this as working-as-expected. git commit to master: b041f7751a0d6858dfad65553a9899710c65d6c5 StrictHostKeyChecking is back on. We now popup a dialog warning the user if we've never see this host before OR we have but its fingerprint is now different (which could mean a man-in-the-middle attack or just that the key was changed). The user is given the option to authenticate the host fingerprint and continue, or to abort. The known host keys are stored in the RHQ Server's data/ directory in the file rhq_known_hosts (that is, jbossas/standalone/data/rhq_known_hosts). To test and verify this BZ is fixed, you'll want to look in that file as hosts are authenticated. You can also delete and put in wrong keys to see the behavior when keys are missing or changed. Verified SSH fingerprint key. I this build giving warning dialog as well as key changed warning message. Version Information: Browser: Firefox 29.0 OS: Linux 64 Bit RHQ Server: ------------------------- Version : 4.11.0-SNAPSHOT Build Number : b041f77 GWT Version : 2.5.0 SmartGWT Version : 3.0 Bulk closing of RHQ 4.11 issues, now that RHQ 4.12 is out. If you find an issue with those, please open a new BZ, linking to the old one. |