Re: SSH key spoofing

2007-01-03 Thread Ringo Kamens

Wouldn't constantly changing ssh keys make it more secure?

On 1/2/07, Mike Perry [EMAIL PROTECTED] wrote:

Deliberately breaking threading so this doesn't fall through the
cracks.

Thus spake Robert Hogan ([EMAIL PROTECTED]):


 Got this when testing an ssh connection:

 WARNING: DSA key found for host shell.sf.net
 in /home/robert/.ssh/known_hosts:8
 DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
 The authenticity of host 'shell.sf.net (66.35.250.208)' can't be established
 but keys of different type are already known for this host.
 RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
 Are you sure you want to continue connecting (yes/no)? no


 Tor first attempted to attach a circuit with toxischnet as its exit. This
 didn't work, so it then used tormentor. I then got the above.

 I subsequently used both toxischnet and tormentor to connect without any key
 authentication issues. The RSA fingerprint is not listed by sourceforge.

 http://sourceforge.net/docs/G04/en/#fingerprintlist

 Malice? Misconfiguration of some sort? Anyone care to test either of these
 exits?

Hrmm.. My scanner seems to be getting hung on some bug (possibly one
that I'm tickling in Tor or possibly my own), so I haven't seen this
during automatic scanning yet, but I can confirm manually that
tormentor IS in fact regularly changing ssh keys. It should be
delisted as an exit ASAP.

toxischnet is currently hibernating, so it's hard to say on that one.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs



SSH key spoofing

2007-01-02 Thread Mike Perry
Deliberately breaking threading so this doesn't fall through the
cracks. 

Thus spake Robert Hogan ([EMAIL PROTECTED]):

 
 Got this when testing an ssh connection:
 
 WARNING: DSA key found for host shell.sf.net
 in /home/robert/.ssh/known_hosts:8
 DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
 The authenticity of host 'shell.sf.net (66.35.250.208)' can't be established
 but keys of different type are already known for this host.
 RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
 Are you sure you want to continue connecting (yes/no)? no
 
 
 Tor first attempted to attach a circuit with toxischnet as its exit. This
 didn't work, so it then used tormentor. I then got the above.
 
 I subsequently used both toxischnet and tormentor to connect without any key 
 authentication issues. The RSA fingerprint is not listed by sourceforge.
 
 http://sourceforge.net/docs/G04/en/#fingerprintlist
 
 Malice? Misconfiguration of some sort? Anyone care to test either of these 
 exits?

Hrmm.. My scanner seems to be getting hung on some bug (possibly one
that I'm tickling in Tor or possibly my own), so I haven't seen this
during automatic scanning yet, but I can confirm manually that
tormentor IS in fact regularly changing ssh keys. It should be
delisted as an exit ASAP.

toxischnet is currently hibernating, so it's hard to say on that one.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
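
The check discussed in this thread, as an added example that is not part of the original posts and is not Mike Perry's scanner: compare the host key each exit presents against pinned fingerprints and flag exits that serve a mismatched key, a key type that was never pinned for the host, or keys that change between scans. The exit names, the host shell.example.net and the key blobs are constructed sample data, and flag_exits() is a hypothetical helper.

```python
import base64, hashlib, struct
from collections import defaultdict

def blob(key_type: str, body: bytes) -> str:
    """Build a constructed SSH public-key blob (not a real key), base64-encoded."""
    t = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + body).decode()

def key_type(b64: str) -> str:
    """Read the key type string from the SSH wire format (uint32 length + name)."""
    raw = base64.b64decode(b64)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode()

def md5_fingerprint(b64: str) -> str:
    """Colon-separated MD5 of the key blob, the format shown in the ssh warning."""
    digest = hashlib.md5(base64.b64decode(b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def flag_exits(pinned, observations):
    """pinned: {host: {key_type: fingerprint}}; observations: (exit, host, blob)."""
    flagged = defaultdict(set)
    seen = defaultdict(set)  # (exit, host, key type) -> fingerprints presented
    for exit_name, host, b64 in observations:
        ktype, fp = key_type(b64), md5_fingerprint(b64)
        seen[(exit_name, host, ktype)].add(fp)
        known = pinned.get(host, {})
        if ktype in known and known[ktype] != fp:
            flagged[exit_name].add("fingerprint mismatch")
        elif known and ktype not in known:
            # The case in the warning: a DSA key is known, an RSA key is offered.
            flagged[exit_name].add("unpinned key type")
    for (exit_name, _, _), fps in seen.items():
        if len(fps) > 1:
            flagged[exit_name].add("key changes between scans")
    return {name: sorted(reasons) for name, reasons in flagged.items()}

# Constructed sample data: one pinned DSA key and four scan results.
GENUINE_DSA = blob("ssh-dss", b"constructed-genuine-key")
PINNED = {"shell.example.net": {"ssh-dss": md5_fingerprint(GENUINE_DSA)}}
OBSERVATIONS = [
    ("exitA", "shell.example.net", GENUINE_DSA),
    ("exitB", "shell.example.net", blob("ssh-rsa", b"constructed-key-1")),
    ("exitB", "shell.example.net", blob("ssh-rsa", b"constructed-key-2")),
    ("exitC", "shell.example.net", blob("ssh-dss", b"constructed-other-key")),
]

if __name__ == "__main__":
    for name, reasons in flag_exits(PINNED, OBSERVATIONS).items():
        print(name, reasons)
```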