List Info

Thread: DO NOT REPLY - delete a page, will as well delete the parent document if no more childre
DO NOT REPLY - delete a page, will as well delete the parent document if no more childre
user name
 2006-03-23 10:31:26 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38
820>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38820





------- Additional Comments From pol-adminuni-duisburg.de  2006-03-23 10:31 -------
For the record, i think i just saw the same issue. Made my
day :-D

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=ema
il
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
assignee.

------------------------------------------------------------
---------
To unsubscribe, e-mail: dev-unsubscribelenya.apache.org
For additional commands, e-mail: dev-helplenya.apache.org
HostKey checking and DNS finger print verification
user name
 2006-03-23 10:00:43 
Senthil krishna wrote:
> I have a client-server setup with about 100 nodes. We
often install the OS 
> and this results in change of host keys in our server.
This necessiates the 
> need to update all known_hosts files in the client
machines. Im using the 
> VerifyHostKeyDNS option in the client side where the
DNS is updated with new 
> finger print each time we change the host key. But
still the SSH client 
> verifies its known_hosts file even the DNS finger print
matches.
> 
> Is there any way to overcome clients local database
checking if DNS finger 
> print matches? What are the security issues associated
with this way?

If your DNS is trusted (ie DNSSEC) then the fingerprints
will be trusted
too.  Otherwise the DNS results are used as an additional
check but are
not trusted.

If practical you could also save and restore the host keys
during a rebuild.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7
8FF4 FA69
    Good judgement comes with experience. Unfortunately, the
experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-devmindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )