On 5/2/06, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:
Another thing is trusting the updated hostkey. Imagine you are a sysadmin at a university. Do you keep the old hostkey when you reinstall the system on a specific host? What about when you upgrade a Sun workstation, but keep the old hostname? How am I as a student may know if the new hostkey is legitimate? Good thing if I have an entry of another Sun workstation in the destination network in my .ssh/known_hosts, to which I could ssh and see if the host in question shows the same signature 'locally', but what if I don't?
Yes, we do try hard to keep the host keys the same. I get very grumpy at people who change host keys without a good reason. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?