Wouldn't constantly changing ssh keys make it more secure?
On 1/2/07, Mike Perry <[EMAIL PROTECTED]> wrote:
Deliberately breaking threading so this doesn't fall through the cracks. Thus spake Robert Hogan ([EMAIL PROTECTED]): > > Got this when testing an ssh connection: > > WARNING: DSA key found for host shell.sf.net > in /home/robert/.ssh/known_hosts:8 > DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99. > The authenticity of host 'shell.sf.net (66.35.250.208)' can't be established > but keys of different type are already known for this host. > RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca. > Are you sure you want to continue connecting (yes/no)? no > > > Tor first attempted to attach a circuit with toxischnet as it's exit. This > didn't work, so it then used tormentor. I then got the above. > > I subsequently used both toxischnet and tormentor to connect without any key > authentication issues. The RSA fingerpint is not listed by sourceforge. > > http://sourceforge.net/docs/G04/en/#fingerprintlist > > Malice? Misconfiguration of some sort? Anyone care to test either of these > exits? Hrmm.. My scanner seems to be getting hung on some bug (possibly one that I'm tickling in Tor or possibly my own), so I haven't seen this during automatic scanning yet, but I can confirm manually that tormentor IS in fact regularly changing ssh keys. It should be delisted as an exit ASAP. toxischnet is currently hibernating, so its hard to say on that one. -- Mike Perry Mad Computer Scientist fscked.org evil labs
