On 02/12/2014 07:34 PM, Paul E Condon wrote:
> ...
> Question: Suppose I encounter this situation of the 'known host' having
> moved to a different IP address (or a different URL?), is there a way
> to discover whether the change is due to a proper functioning DynDNS,
> or to a somewhat unstealthy man-in-the-middle operation? ...

The key rather than the address is the authoritative identifier of a host. So a changing IP should be ok as long as the host key remains the same. It is the host key which is used as identification and proof against a man-in-the-middle attack. So if the host key is the same, it is not a MITM. Or if it is a MITM, it's more serious in that you've lost your key.

A changing IP leads to filling known_hosts with lots of entries, which is what Zenaan's original question was about. After the first entry for a named host gets the name along with the IP, the subsequent known_host entries for that key do not contain the hostname.

sed works for clearing them out, but upon thinking about it, awk might be better since it would allow keeping one copy of the key; sed would remove them all. However, awk must work via a temporary file and cannot work directly on the known_hosts file. With either, the pattern to search for would be a key or a key fragment.

    # index() matches the key as a fixed string, so "/" and "+" in the
    # base64 key are not parsed as awk regex syntax
    awk -v key="$key" 'index($0, key) && c++ { next } { print }' \
        ~/.ssh/known_hosts > ~/.ssh/known_hosts.new

It's going to be a short script, including extracting the key to use in sed or awk.

Regards,
/Lars
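
An added example, not part of the original message: it generalizes the one-liner above from a single `$key` to every key in the file, and drops a later entry only when its host field consists solely of IP addresses, so a second hostname that legitimately shares the key is kept. The function names and the sample data are constructed for illustration; hashed entries (`HashKnownHosts`) are left untouched because a hashed name cannot be told apart from a hashed address.

```shell
#!/bin/sh
# Added example (not from the original message).
# prune_known_hosts FILE: print FILE without address-only entries whose key
# already appeared on an earlier line. Names, hashed hosts and markers stay.
prune_known_hosts() {
    awk '
    function is_ip(h) {      # bare IPv4 or IPv6 literal, no [host]:port form
        return h ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
               h ~ /^[0-9a-fA-F]*:[0-9a-fA-F:]*$/
    }
    # comments, blank lines, @cert-authority and @revoked lines pass through
    /^[ \t]*#/ || /^[ \t]*$/ || /^@/ { print; next }
    {
        id = $2 " " $3                       # key type + base64 key
        n = split($1, h, ",")
        ip_only = 1
        for (i = 1; i <= n; i++) if (!is_ip(h[i])) ip_only = 0
        if (ip_only && (id in seen)) next    # redundant address entry
        seen[id] = 1
        print
    }' "$1"
}

# prune_known_hosts_inplace FILE: same result written back, via a temporary
# file in the same directory and a rename (awk cannot edit what it reads).
prune_known_hosts_inplace() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if prune_known_hosts "$1" > "$tmp"; then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample: a named host whose address changed twice, an alias
# sharing its key, and an unrelated host. Key material is made up.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
home.example.org,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMadeUp/Key+One
192.0.2.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMadeUp/Key+One
2001:db8::57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMadeUp/Key+One
alias.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMadeUp/Key+One
198.51.100.7 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABMadeUp/Key+Two
EOF
}
```

Run `prune_known_hosts ~/.ssh/known_hosts` first to inspect the result on standard output before using the in-place variant.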