[Labs-l] Fingerprint change
Huji Lee
huji.huji at gmail.com
Wed Aug 26 23:33:17 UTC 2015
No, the banner is shown BEFORE authentication is made; see sshd_config
<http://linux.die.net/man/5/sshd_config>.
On Wed, Aug 26, 2015 at 7:19 PM, Tim Landscheidt <tim at tim-landscheidt.de>
wrote:
> (anonymous) wrote:
>
> >>> It looks like a temporal error. Now there is no warning.
>
> >> This happens when our network service crashes. While the network
> >> service is down, all traffic bound for a specific instance instead hits
> >> the network server. Ssh blithely tries to log in there, sees the wrong
> >> host key, and complains.
>
> >> This was a side-effect of the upgrade I'm in the middle of. I'm done
> >> with the networking stuff so the problem shouldn't recur immediately. I
> >> don't know how to avoid it entirely :(
>
> > As that host is not supposed to get any connection, I would
> > put a Banner entry on sshd_config saying "This is not the
> > drone you were expecting to log into" (or a more elaborate
> > phrase of your email :P).
> > That would at least hint that instead of panicking we should
> > go to irc to bug you for crashing the network service ;)
>
> Isn't the banner only shown after establishing the connec-
> tion, i. e. after the user would "fix" the host's finger-
> print?
>
> Tim
>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20150826/c07dd35f/attachment-0001.html>
More information about the Labs-l
mailing list