On Mon, Aug 8, 2011 at 5:00 AM, Iustin Pop <[email protected]> wrote:
> On Fri, Aug 05, 2011 at 05:20:59PM -0400, Ben Lipton wrote: > > The transfer OS has never connected to the bootstrap OS before, so it's > > silly to try to do host key checking. It just makes it ask for > > confirmation partway through the process, and then the whole thing times > > out when you don't notice. > > I agree usability-wise, but this means you're vulnerable to a MITM > attack where all the host data is leaked out to a third party. > > Maybe it would make sense to preseed the known-hosts file, or do a plain > ssh connection at start? > Now that I think about it, I think I might be able to ask the user to verify the host key when it makes the initial paramiko SSH connection, and if it is correct, save it to the known_hosts file. If I can't get it to work, I'll just do an SSH connection at the beginning so that the key will be added. > > thanks, > iustin >
