Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Scott Ferguson
On 13/02/14 07:07, Dan Purgert wrote: > On 12/02/2014 13:30, Paul E Condon wrote: >> On 20140212_200320, Lars Noodén wrote: >>> On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Dan Purgert
On 12/02/2014 13:30, Paul E Condon wrote: On 20140212_200320, Lars Noodén wrote: On 02/12/2014 07:34 PM, Paul E Condon wrote: ... Question: Suppose I encounter this situation of the 'known host' having moved to a different IP address (or a different URL?), is there a way to discover whether the

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Paul E Condon
On 20140212_200320, Lars Noodén wrote: > On 02/12/2014 07:34 PM, Paul E Condon wrote: > > ... > > Question: Suppose I encounter this situation of the 'known host' having > > moved to a different IP address (or a different URL?), is there a way > > to discover whether the change is due to a proper f

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Brian
On Wed 12 Feb 2014 at 10:34:33 -0700, Paul E Condon wrote: > Question: Suppose I encounter this situation of the 'known host' having > moved to a different IP address (or a different URL?), is there a way > to discover whether the change is due to a proper functioning DynDNS, > or to a somewhat un

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Lars Noodén
On 02/12/2014 07:34 PM, Paul E Condon wrote: > ... > Question: Suppose I encounter this situation of the 'known host' having > moved to a different IP address (or a different URL?), is there a way > to discover whether the change is due to a proper functioning DynDNS, > or to a somewhat unstealthy

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Paul E Condon
On 20140212_152909, Lars Noodén wrote: > On 02/12/2014 02:59 PM, Brian wrote: > > On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: > > > >> ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to > >> check known_hosts. For me, ssh-keygen -R does not remove all the > >> dy

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Lars Noodén
On 02/12/2014 02:59 PM, Brian wrote: > On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: > >> ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to >> check known_hosts. For me, ssh-keygen -R does not remove all the >> dynamically generated host keys, however. I've not y

Re: ssh host ip/id management for dynamic dns servers

2014-02-12 Thread Brian
On Tue 11 Feb 2014 at 15:22:26 +0200, Lars Noodén wrote: > ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to > check known_hosts. For me, ssh-keygen -R does not remove all the > dynamically generated host keys, however. I've not yet identified what > confounds ssh-keygen.

Re: ssh host ip/id management for dynamic dns servers [OT?]

2014-02-12 Thread Brian
On Tue 11 Feb 2014 at 06:52:10 -0700, Paul E Condon wrote: > I'm puzzled about the apparent 'security theater' on this topic. > Known host checking is done, I think, to defend against 'man in the > middle', so when the known host key changes because of some event down > in the bowels of dynamic dn

Re: ssh host ip/id management for dynamic dns servers

2014-02-11 Thread Chris Bannister
On Tue, Feb 11, 2014 at 11:56:41PM +1100, Zenaan Harkness wrote: > On 2/11/14, Brian wrote: > > On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: > >> I'm wondering: > >> 1) how to easily clean known_hosts > > > > ssh-keygen with the -R option. > > $ HOST=raptor > $ ssh-keygen -r $HOST

Re: ssh host ip/id management for dynamic dns servers [OT?]

2014-02-11 Thread Lars Noodén
On 02/11/2014 03:52 PM, Paul E Condon wrote: > ... Known host checking is done, I think, to defend against 'man in > the middle', so when the known host key changes because of some event > down in the bowels of dynamic dns, does one have any possibility of > determining that it is truly *not* a ma

Re: ssh host ip/id management for dynamic dns servers [OT?]

2014-02-11 Thread Jochen Spieker
Paul E Condon: > > I'm puzzled about the apparent 'security theater' on this topic. > Known host checking is done, I think, to defend against 'man in the > middle', Exactly. > so when the known host key changes because of some event down > in the bowels of dynamic dns, does one have any possibili

Re: ssh host ip/id management for dynamic dns servers [OT?]

2014-02-11 Thread Paul E Condon
I'm puzzled about the apparent 'security theater' on this topic. Known host checking is done, I think, to defend against 'man in the middle', so when the known host key changes because of some event down in the bowels of dynamic dns, does one have any possibility of determining that it is truly *no

Re: ssh host ip/id management for dynamic dns servers

2014-02-11 Thread Lars Noodén
On 02/11/2014 02:56 PM, Zenaan Harkness wrote: > On 2/11/14, Brian wrote: >> On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: >>> I'm wondering: >>> 1) how to easily clean known_hosts >> >> ssh-keygen with the -R option. > > Sounds great! (also, the CheckHostIP = no option looks very

Re: ssh host ip/id management for dynamic dns servers

2014-02-11 Thread Zenaan Harkness
On 2/11/14, Brian wrote: > On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: >> I'm wondering: >> 1) how to easily clean known_hosts > > ssh-keygen with the -R option. Sounds great! (also, the CheckHostIP = no option looks very useful in this regard, thanks Karl) However - it seems to

Re: ssh host ip/id management for dynamic dns servers

2014-02-11 Thread Karl E. Jorgensen
Hi On Tue, Feb 11, 2014 at 09:53:32AM +1100, Zenaan Harkness wrote: > With a dyndns type server, each time a new ip address happens, ssh > login adds a new entry to .known_hosts > > Is there a recommended way to handle this? Turn off CheckHostIP ? For the uninitiated, in your ~/.ssh/config file

Re: ssh host ip/id management for dynamic dns servers

2014-02-11 Thread Brian
On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: > I'm wondering: > > 1) how to easily clean known_hosts ssh-keygen with the -R option. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org A

Re: ssh host ip/id management for dynamic dns servers

2014-02-10 Thread Lars Noodén
On 02/11/2014 01:10 AM, Zenaan Harkness wrote: >> On Feb 10, 2014 2:53 PM, "Zenaan Harkness" wrote: >>> With a dyndns type server, each time a new ip address happens, ssh >>> login adds a new entry to .known_hosts >>> >>> Is there a recommended way to handle this? > > On 2/11/14, Schlacta, Christ

Re: ssh host ip/id management for dynamic dns servers

2014-02-10 Thread Zenaan Harkness
> On Feb 10, 2014 2:53 PM, "Zenaan Harkness" wrote: >> With a dyndns type server, each time a new ip address happens, ssh >> login adds a new entry to .known_hosts >> >> Is there a recommended way to handle this? On 2/11/14, Schlacta, Christ wrote: > Configure static dhcp leases for your server

ssh host ip/id management for dynamic dns servers

2014-02-10 Thread Zenaan Harkness
With a dyndns type server, each time a new ip address happens, ssh login adds a new entry to .known_hosts Is there a recommended way to handle this? TIA Zenaan