Bug 681493

Summary: Known_hosts error message is misleading
Product: [Fedora] Fedora Reporter: bob mckay <urilabob>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 14CC: mattias.ellert, mgrepl, rvokal, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-16 15:05:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description bob mckay 2011-03-02 11:29:01 UTC 
Sorry, I know this is the wrong component, but I can't find the right component for reporting ssh problems; I'm hoping you will know how to redirect.

Description of problem:
ssh error messages for changed keys is highly misleading.

Version-Release number of selected component (if applicable):
Any recent

How reproducible:
Always

Steps to Reproduce:
1. ssh to a host whose host key has changed
2.
3.
  
Actual results:
ssh responds:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
cc:e5:df:24:f6:1a:b4:dd:7d:61:c0:87:bb:98:80:3b.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:9
RSA host key for scteach.snu.ac.kr has changed and you have requested strict checking.
Host key verification failed.

This message is effectively useless, as known_hosts is now encrypted by default
so that methods the user is likely to have used for editing it won't work. The hint that the offending key is likely line 9 is too cryptic to be useful (and may be difficult to interpret if there are any comments in known_hosts). In any case, the user has no reasonable way to directly add the correct key, other than by deleting the line and running ssh again anyway.


Expected results:
ssh should respond something like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
cc:e5:df:24:f6:1a:b4:dd:7d:61:c0:87:bb:98:80:3b.
Please contact your system administrator.

If you know that the key should have changed, delete the offending key by
ssh-keygen -R <hostname>
or by deleting the corresponding line in /root/.ssh/known_hosts.
Offending key in /root/.ssh/known_hosts:9
Then run ssh again to confirm the new key.
RSA host key for scteach.snu.ac.kr has changed and you have requested strict checking.
Host key verification failed.

Additional info:
Comment 1 Matthias Saou 2011-07-09 19:03:14 UTC 
This was clearly not the right component, as sshmenu is a completely different beast.

To get the name of the package from where the command you're reporting the issue for came from, you could have run something like this :
$ rpm -qf `which ssh`
openssh-clients(0:5.5p1-24.fc14.2).x86_64

Reassigning to the correct component.
Comment 2 Fedora Admin XMLRPC Client 2011-11-30 12:26:08 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Fedora End Of Life 2012-08-16 15:05:30 UTC 
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping