On Tue, 18 Aug 2009, David Cantrell wrote:
On Tue, Aug 18, 2009 at 03:43:13PM +0300, Yossi Kreinin wrote:
1. Ever seen those messages by ssh where it complains about its
inability to establish the authenticity of a host? Well, it recently
complained to me about localhost. Up until then, I thought you couldn't
get more authentic than that. I wonder whether it doubted the locality
of localhost or its hospitality, but it didn't say.
I fail to see how this could possibly be useful. I suppose the argument
is that it helps when you're sshing to localhost:1234 where port 1234 is
forwarded to an ssh daemon elsewhere. And obviously you need to know
that you're not *really* going to localhost. But, of course, this
breaks ALL THE FUCKING TIME because if you're the sort of person to use
ssh tunnelling at all, you probably use it for more than just one host,
and so you're going to have two or more different keys for localhost
*and expect them to be different because they're different hosts*.
it may not be the localhost you are looking for. Ive seen machines which
dont have localhost in their hosts file and rely on their dns server to
tell them what localhost is.
--
bob walker
buses should be purple and bendy
