[kwlug-disc] Tightening up SSH

John Van Ostrand john at netdirect.ca
Mon Jul 19 10:26:54 EDT 2010


----- Original Message -----
> As I understand it, each machine already has a keypair which is
> generated as part of the install. This is why you get the "host has
> changed its RSA key" message if you put a different machine at the
> same IP address/hostname on your network, or do a reinstall.

It is important to know which machine you are connecting to. In essence the machine keys are the machine authentication method. Consider that you are transferring an important file to another machine, you'd like to know that it was your machine right? Let a hacker get a backup file and all of a sudden he has lots of good data, maybe even credit cards and bank logins.

If you are ever prompted with the "host has changed is key" message, think twice about accepting the connection. It's probably just an IP change, or an SSH re-install, but stop and think first.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 





More information about the kwlug-disc mailing list