On Wed, Aug 09, 2006 at 09:29:44AM -0400, fwaggle wrote:
> Brooks Davis wrote:
> >On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> >>--- Doug Barton <[EMAIL PROTECTED]> wrote:
> [snip]
> >>* I received a private communication yesterday about this matter. But the
> >>list did not. I will cite (not literally) a little bit out of that message:
> >>Since you do not know anything about the remotely created host-key, u cannot
> >>connect safely to the freshly installed box, because: You do not even know
> >>the signature of the new host-key, so that if u connect to the wrong box u
> >>would not even know. Workaround: You could give all hosts the same well-known
> >>host-key (via your install-image-CD) and then u could change the host-key
> >>in a remotely controlled way individually and note down the signature? Maybe
> >>my secret informer (let's call him Rasmus or RK) wants to come public... :-)
> >
> >These are valid if probably overly paranoid points. :)
> [/snip]
>
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.

I interpreted the suggestion as something to be done via custom install
media. There's no chance in hell the FreeBSD project would install a
default key since it's such an obviously bad idea.

-- Brooks
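
Added example, not part of the original thread or of FreeBSD/OpenSSH code: a sketch of the first-connect fingerprint check the thread is arguing about, comparing a shared install-image host key with per-host random keys. The key lines are constructed stand-ins (not real key pairs), the helper names are hypothetical, and the SHA256 fingerprint format of current OpenSSH is assumed.

```python
import base64, hashlib, hmac, struct

def make_pubkey_line(seed: bytes, comment: str) -> str:
    """Constructed stand-in for an ssh-ed25519 .pub line (not a real key pair)."""
    ktype, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(key)) + key
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256:... field that `ssh-keygen -l` shows for a public key."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The key blob carries its own type string; reject a mislabelled line.
    if blob[4:4 + n].decode("ascii", "replace") != ktype:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def first_connect_ok(presented_line: str, noted_fp: str) -> bool:
    """Accept the host only if its key matches the fingerprint noted out of band."""
    return hmac.compare_digest(fingerprint(presented_line).encode(), noted_fp.encode())

def demo() -> dict:
    # Shared key: every box built from the image, and anyone holding the image's
    # private key, presents this same public key.
    image_key = make_pubkey_line(b"install-image", "root@image")
    # Per-host keys: generated at first boot, fingerprint mailed to the admin.
    box_a = make_pubkey_line(b"box-a-random", "root@a")
    box_b = make_pubkey_line(b"box-b-random", "root@b")
    noted = fingerprint(box_a)
    return {
        # The check passes for any holder of the image key, so it identifies nothing.
        "shared_key_accepts_any_image_box": first_connect_ok(image_key, fingerprint(image_key)),
        "per_host_accepts_right_box": first_connect_ok(box_a, noted),
        "per_host_accepts_wrong_box": first_connect_ok(box_b, noted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-host check is only as trustworthy as the channel that delivered the noted fingerprint, which is the residual impersonation risk fwaggle mentions for the e-mailed signature.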