AW: [FreeNX-kNX] Alioth projekt for FreeNX debian packages
Paul van der Vlis
paul at vandervlis.nl
Wed Jun 15 09:17:33 UTC 2005
Felix Schumacher schreef:
> Hi all,
>
> if "nxsetup --setup-nomachine-key" installs a pre-computed ssh private
> key
> for use with the secure channel. I believe anyone could intercept this
> secure
> Channel with a "man in the middle" attack. And get the clear-text
> passwords
> for the user, which are sent over the (than not so) secure channel.
No, I think the user will get a warning, because the host-key is
different in such a case. Something like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
70:52:98:af:3b:70:df:4d:e1:1d:ff:6c:1b:ef:45:20.
Please contact your system administrator.
Add correct host key in /home/paul/.ssh/known_hosts to get rid of this
message.
Offending key in /home/paul/.ssh/known_hosts:93
RSA host key for machine.domain.nl has changed and you have requested
strict checking.
Host key verification failed.
With regards,
Paul van der Vlis.
More information about the FreeNX-kNX
mailing list