Bug 799928
| Summary: | [RFE] Hash the hostname/port information in the known_hosts file. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Stephen Gallagher <sgallagh> |
| Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
| Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.3 | CC: | grajaiya, jgalipea, prc, spoore |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.9.1-1.el6 | Doc Type: | Enhancement |
| Doc Text: |
Do not document
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 09:20:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Stephen Gallagher
2012-03-05 12:48:45 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. Verified.
Version ::
sssd-1.9.2-21.el6.x86_64
Manual Test Results ::
[root@rhel6-1 log]# ssh rhel6-1.testrelm.com
root.com's password:
Last login: Wed Nov 28 08:45:45 2012 from 192.168.122.1
[root@rhel6-1 ~]# exit
logout
Connection to rhel6-1.testrelm.com closed.
[root@rhel6-1 log]# ssh-keygen -H -F rhel6-1.testrelm.com -f /var/lib/sss/pubconf/known_hosts
# Host rhel6-1.testrelm.com found: line 3 type RSA
|1|jzhcKuywO/syrzxU7BjbXAIa/kM=|RznFNMi4cWBK8/LXEdx2CqlCbSw= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxes4L818CAuJFLTL0MOwKaL6IbG92Mx3orn0ceOvz8OlWZ3VJADiBIXC9GdDTFEzJIqP5EW/WWb7hgbjBJ0h9zmD7onxgXZj+J9m28REl1ut03KldBYcBZPGyhYs+sKRCLSp1R5BT6laoq5rYxnQuDwCa8oljhnaCpBnWu9t7le3cfXmJfWfbnCFNB5FCPc/UDL/QwuLBiq0QNoRrjOgJqygtZ7EMP3csrYB/UxkNCvycGbZ6xg49HAcci064Ek6wz5GYD7/yFQB5bqvK1cAUkLjlL5m8Osw+McU+Z/aFz/5QfDHaEJ/krlCM8HPjEYv35CG0cYt1fHQKgYARxGMqw==
# Host rhel6-1.testrelm.com found: line 4 type DSA
|1|+/qqOvsp0eYFPHyUddi+YYn5XLs=|6nvBL7cSakbCOuXZXq5smAZ70qg= ssh-dss AAAAB3NzaC1kc3MAAACBAOVwCsdmy76rq7NeRhKWzvoMFhTu4jjaDcOUi1RIJujR0MbncFaZMK2oVR4hIu/Br19ZqSFz55DurlQRpxw0RLcv3AQS4OWXu5zgMvDHK/87f0J8PlatSzNOmLNrVJZAiYe8LdhuXfd5Cz2o+LjxQ/j0YnHyg9KjJ8hY3HOFqYGVAAAAFQCTDM0w6dGWA8SGtSxVIR/CYOFyawAAAIEA04PQf1JF1HkPkfr/xRsMWPBKZvIsX5tD54Y64Pakc/A4oTKxFjTlW/Z3i62Rwx4g7VCFsjbabXJ/CvLq+zZsuqJEU8kny6Sk0SQ+ky4rbPj0zatzM8uQKFpeuY+103fKp/pn5AUUTGgCK5nf5o4lwiR4enDVG3Tp7DjOWDNkfUwAAACACpDqLiyaC+dFIaBl5tAXbEf2PieEZ6Q7wEtCAQ2IsiRGFjsXzqZYo/qZk9gWkieClVofGlSdhbyZGbBFx9Q8t/yaNFbsqB09RCzgRxlQGqgltKMEtYok9IpzegcWgkPP0VT/KGcrvTfeccLOFyCucLMpYIHs2n9QvHUEgqz2CaQ=
[root@rhel6-1 log]# knownhost="$(ssh-keygen -H -F rhel6-1.testrelm.com -f /var/lib/sss/pubconf/known_hosts |grep ssh-rsa)"
[root@rhel6-1 log]# hostname=$(hostname)
[root@rhel6-1 log]# key=$(echo ${knownhost:3:28} | base64 -d | xxd -ps)
[root@rhel6-1 log]# mac1=$(echo ${knownhost:32:28} | base64 -d | xxd -ps)
[root@rhel6-1 log]# mac2=$(echo -n $hostname | openssl dgst -sha1 -mac HMAC -macopt hexkey:$key | awk '{ print $2 }')
[root@rhel6-1 log]# [ $mac1 = $mac2 ] && echo 'Keys match'
Keys match
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html |