Bug 1369092 - [RFE] - fetch SSH fingerprint should be more automatically and user friendly
Summary: [RFE] - fetch SSH fingerprint should be more automatically and user friendly
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RFEs
Version: 4.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ---
: ---
Assignee: Rob Young
QA Contact: Lukas Svaty
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-08-22 13:26 UTC by Shira Maximov
Modified: 2020-04-01 14:49 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-01 14:44:31 UTC
oVirt Team: Infra
oourfali: ovirt-future?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?



Description Shira Maximov 2016-08-22 13:26:45 UTC
Description of problem:
In case of trying to re-install a host, if the host changed its SSH fingerprint,
the following error will be in the events tab:

Host <host name> installation failed. Invalid fingerprint SHA256:+rQeBegZiDek/+b50NXoW/IDVRcwpWYOEYx4YpnLtEg, expected SHA256:PhhVQGc1wyYljj4EAVLCtf/fKSDE5foFZrMnQEPyjlY.

In this case, the behaviour should be the same as connecting to this host over ssh.
It means that the user will get a notification about the change of fingerprint,
and will decide if he wants to fetch the fingerprint from the host.

The reason is that the fetch option is under Edit host -> General -> advanced parameters, and it's not so user friendly.

The ssh message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for lilach-vdsb.tlv.redhat.com has changed,
and the key for the corresponding IP address 10.35.5.48
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/mshira/.ssh/known_hosts:8
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:+rQeBegZiDek/+b50NXoW/IDVRcwpWYOEYx4YpnLtEg.
Please contact your system administrator.
Add correct host key in /home/mshira/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/mshira/.ssh/known_hosts:144
RSA host key for lilach-vdsb.tlv.redhat.com has changed and you have requested strict checking.
Host key verification failed.
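
The comparison behind the "Invalid fingerprint ..., expected ..." event, as an added example that is not part of the original report and not oVirt's code: it computes the OpenSSH-style SHA256 fingerprint of a presented host key and classifies it against the stored one, so that a changed key can be surfaced to the user for a decision. The key line is constructed sample data and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample (not a real host key): an ed25519 blob with dummy key bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_KEY_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()


def fingerprint(key_line: str) -> str:
    """Return the SHA256 fingerprint of a '<key-type> <base64-blob>' public key."""
    parts = key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64-blob>'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own length-prefixed type; it must agree with the label.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints unpadded base64 of the digest, prefixed with the hash name.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(key_line: str, pinned: "str | None"):
    """Classify the presented key: 'unknown', 'match' or 'changed'.

    'changed' is returned together with the presented fingerprint so the caller
    can show both values and ask the user, rather than replace the pin silently.
    """
    presented = fingerprint(key_line)
    if pinned is None:
        return "unknown", presented
    if hmac.compare_digest(presented.encode(), pinned.encode()):
        return "match", presented
    return "changed", presented
```
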

Comment 1 Michal Skrivanek 2020-03-18 15:43:38 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 2 Michal Skrivanek 2020-03-18 15:46:53 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 3 Michal Skrivanek 2020-04-01 14:44:31 UTC
ok, closing. Please reopen if still relevant/you want to work on it.

Comment 4 Michal Skrivanek 2020-04-01 14:49:30 UTC
ok, closing. Please reopen if still relevant/you want to work on it.

