Subject: | |
From: | |
Reply To: | Robert E. Blair |
Date: | Fri, 9 Mar 2007 11:44:03 -0600 |
Content-Type: | multipart/mixed |
Parts/Attachments: |
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We had some confusion regarding host keys for one of the fermilab hosts.
It appears that the host key had changed (this happens) and attempts to
login using ssh with protocol 1 on an SL3 (this is to work around a
kerberos issue on sl3) machine failed due to the mismatch in a users
known_hosts and the server's key. Despite that an SL4 system would log
in just fine (using protocol 2). It appears that the host key is not
checked using the GSSAPI (kerberos) authentication in this latter case.
Is this normal? Is the host key pair not being used for encryption in
this case so it need not be checked? If the user does not have a
kerberos ticket on the SL4 system then the host key is checked and the
connection fails as expected. This may not be the right place to ask
this, doe anyone have a better forum for such a question?
- --
Robert E. Blair, Room E277, Building 362
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545 FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFF8ZzjCDBz0lN+7YcRAsuxAJ46QaTaJDVetCSrcKTPkof1nQCTCwCfaTLs
P0BayRDg4nLfIQstTuojHc4=
=TYMx
-----END PGP SIGNATURE-----
|
|
|