Bug#763942: insufficient warning removal instructions

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#763942: insufficient warning removal instructions
From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>
Date: Sat, 04 Oct 2014 08:55:16 +0800
Message-id: <[🔎] 87a95c7ix7.fsf@jidanni.org>
Reply-to: 積丹尼 Dan Jacobson <jidanni@jidanni.org>, 763942@bugs.debian.org

Package: openssh-client
Version: 1:6.6p1-8
Severity: wishlist
File: /usr/bin/ssh


Examining the case when friendly changes are made on the remote end
causing warnings on the local end, which the user wishes to stop, to get
things back to normal, here we see the user does as told ("remove with:")

$ ssh m.jidanni.org :
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c8:45:22:87:5f:73:f4:20:e0:cd:f7:2d:b3:5c:19:4c.
Please contact your system administrator.
Add correct host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/jidanni/.ssh/known_hosts:1
  remove with: ssh-keygen -f "/home/jidanni/.ssh/known_hosts" -R m.jidanni.org
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
$ ssh-keygen -f "/home/jidanni/.ssh/known_hosts" -R m.jidanni.org
# Host m.jidanni.org found: line 1 type RSA
/home/jidanni/.ssh/known_hosts updated.
Original contents retained as /home/jidanni/.ssh/known_hosts.old
$ ssh m.jidanni.org :
Warning: Permanently added 'm.jidanni.org' (RSA) to the list of known hosts.
Warning: the RSA host key for 'm.jidanni.org' differs from the key for the IP address '69.163.216.252'
Offending key for IP in /home/jidanni/.ssh/known_hosts:18
$ ssh m.jidanni.org :
Warning: the RSA host key for 'm.jidanni.org' differs from the key for the IP address '69.163.216.252'
Offending key for IP in /home/jidanni/.ssh/known_hosts:18
Matching host key in /home/jidanni/.ssh/known_hosts:27



Thus without an additional message about what command to use to solve the problem,
he is still stuck with the warnings.


Yes, experts will know what to do next:


$ ed /home/jidanni/.ssh/known_hosts
10662
18d
wq
10220
$ ssh m.jidanni.org :
Warning: Permanently added the RSA host key for IP address '69.163.216.252' to the list of known hosts.
$ ssh m.jidanni.org :
$


But normal users still need a _second_ "remove with:" style hint!

Reply to:

Prev by Date: Bug#763375: marked as done (openssh is not binNMU safe)
Next by Date: Bug#764027: [openssh-client] change default for CheckHostIP to no
Previous by thread: Bug#763375: marked as done (openssh is not binNMU safe)
Next by thread: Bug#764027: [openssh-client] change default for CheckHostIP to no
Index(es):
- Date
- Thread