bugzilla-daemon at bugzilla
Oct 21, 2009, 12:10 AM
Post #1 of 1
(278 views)
Permalink
|
|
[Bug 1662] New: Avoidable man-in-the-middle attack warnings
|
|
https://bugzilla.mindrot.org/show_bug.cgi?id=1662
Summary: Avoidable man-in-the-middle attack warnings
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: t-om [at] nic
Created an attachment (id=1702)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1702)
Sample session capture (names changed)
When running one or more virtual machines within one host machine, each
virtual machine listening for ssh connections in different tcp ports of
the host machine, and one tries to connect with ssh to these virtual
machines or the host running them (other target than whose
identification information was previously saved to known_hosts in
source), ssh complains about possible man-in-the-middle attack
(WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!).
This could possibly be avoided if the port number was included in the
identification information of a host in known_hosts.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
|
