Bug 681493 - Known_hosts error message is misleading
Known_hosts error message is misleading
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
14
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-02 06:29 EST by bob mckay
Modified: 2012-08-16 11:05 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-16 11:05:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description bob mckay 2011-03-02 06:29:01 EST
Sorry, I know this is the wrong component, but I can't find the right component for reporting ssh problems; I'm hoping you will know how to redirect.

Description of problem:
ssh error messages for changed keys is highly misleading.

Version-Release number of selected component (if applicable):
Any recent

How reproducible:
Always

Steps to Reproduce:
1. ssh to a host whose host key has changed
2.
3.
  
Actual results:
ssh responds:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
cc:e5:df:24:f6:1a:b4:dd:7d:61:c0:87:bb:98:80:3b.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:9
RSA host key for scteach.snu.ac.kr has changed and you have requested strict checking.
Host key verification failed.

This message is effectively useless, as known_hosts is now encrypted by default
so that methods the user is likely to have used for editing it won't work. The hint that the offending key is likely line 9 is too cryptic to be useful (and may be difficult to interpret if there are any comments in known_hosts). In any case, the user has no reasonable way to directly add the correct key, other than by deleting the line and running ssh again anyway.


Expected results:
ssh should respond something like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
cc:e5:df:24:f6:1a:b4:dd:7d:61:c0:87:bb:98:80:3b.
Please contact your system administrator.

If you know that the key should have changed, delete the offending key by
ssh-keygen -R <hostname>
or by deleting the corresponding line in /root/.ssh/known_hosts.
Offending key in /root/.ssh/known_hosts:9
Then run ssh again to confirm the new key.
RSA host key for scteach.snu.ac.kr has changed and you have requested strict checking.
Host key verification failed.

Additional info:
Comment 1 Matthias Saou 2011-07-09 15:03:14 EDT
This was clearly not the right component, as sshmenu is a completely different beast.

To get the name of the package from where the command you're reporting the issue for came from, you could have run something like this :
$ rpm -qf `which ssh`
openssh-clients(0:5.5p1-24.fc14.2).x86_64

Reassigning to the correct component.
Comment 2 Fedora Admin XMLRPC Client 2011-11-30 07:26:08 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Fedora End Of Life 2012-08-16 11:05:30 EDT
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.