On Wed December 10 2008, Mike McGrath wrote:
On Wed, 10 Dec 2008, Mike McGrath wrote:
I've not actually used global ssh_known_hosts before, I wouldn't be
surprised if it causes issues in some of our scripts that might have a
conflicting ~/.ssh/known_hosts. Let's keep our eyes open.
If there is a conflict, then the public key of the host the script connects to
will probably not match. Therefore there is a problem anyways.
http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts
I suggest using

    echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub)

on the machine in question instead of

    ssh-keyscan -t rsa app1,10.8.34.59

on a remote machine. Otherwise there may still be a small window of
opportunity for a MITM attack.
Regards,
Till
___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
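
The suggestion in the message above, as an added shell example (not part of the original message or the Fedora SOP): build the ssh_known_hosts entry from the host's own public key file, then check a line obtained over the network against it. The function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: known_hosts entries taken from the host's own key file.

# known_hosts_line NAMES PUBKEY_FILE
# Print "NAMES keytype blob" from a local *.pub file, dropping the trailing
# comment field. Fails if the file does not look like an SSH public key.
known_hosts_line() {
    names=$1
    pubfile=$2
    keytype=
    blob=
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # A .pub file is one line: key type, base64 blob, optional comment.
    read -r keytype blob _comment < "$pubfile" || true
    case $keytype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;   # common key types
        *) echo "unexpected key type: '$keytype'" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 1 ;;
    esac
    printf '%s %s %s\n' "$names" "$keytype" "$blob"
}

# same_key LINE_A LINE_B
# Succeed only if two plain "names keytype blob" lines carry the same key;
# the host-name field is ignored.
same_key() {
    [ "${1#* }" = "${2#* }" ]
}

# --- demo on constructed data (placeholder blobs, not usable keys) ---
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed0KEY= root@app1\n' \
    > "$tmp/ssh_host_rsa_key.pub"
local_line=$(known_hosts_line app1,10.8.34.59 "$tmp/ssh_host_rsa_key.pub")
echo "$local_line"

# Constructed stand-in for ssh-keyscan output that carries a different key.
scanned='app1,10.8.34.59 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABsomeOTHERkey0='
same_key "$local_line" "$scanned" ||
    echo "MISMATCH: scanned key differs from the host's own key" >&2
rm -rf "$tmp"
```

On a real host the second argument would be /etc/ssh/ssh_host_rsa_key.pub, read locally, so the key never has to be trusted from an unauthenticated network connection.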