On Tue, Mar 07, 2000 at 01:21:23PM -0600, Manoj Srivastava wrote:
> >>"Michael" == Michael Stone <mstone@debian.org> writes:
> Michael> I don't care whether it's documented. I do care if I get a
> Michael> lot of questions from users who don't understand why they
> Michael> get error messages sometimes when going to a host that has
> Michael> always worked.
>
> Well, you can tell them that the servers are buggy, and
> perhaps get the ssh server fixed?

Analyze your costs and benefits: changing the host key means that all
users have to delete the stored known_host and accept a new key. That's
potentially a big logistical problem (cost). The benefit is you get one
extra bit of security. Whoopie. I'm not aware of any widely employed
attack that succeeds on keys of 1023 bits and fails on keys of 1024
bits. Do you? This is an ego stroking "my key is bigger than yours"
message, not a serious security warning.

At any rate, this is getting away from my original point, that it's not
fair to say openssh is a completely compatible replacement for
ssh-nonfree or to use that as a justification for removing ssh-nonfree.

> Especially since there is a
> workaround to stop seeing the message.

What would that workaround be? I only see a workaround to change the
displayed message.

--
Mike Stone