Re: ssh server hashcode change on nanoBSD
On Tue, Jan 1, 2013 at 10:41 PM, Lowell Gilbert wrote:
>Don't top-post, please.

Sorry for top-posting.. i'll try to keep an eye on it from now on :)

well, cause i got my answer, let's have a conclusion:

According to:

On Tue, Jan 1, 2013 at 10:41 PM, Lowell Gilbert wrote:
>There are a number of keys involved in ssh. The host keys are used at
>the start of the connection to make sure that some other machine doesn't
>impersonate the one you wanted.

and

On Wed, Jan 2, 2013 at 2:22 PM, Polytropon wrote:
>The key received in the first step of a SSH session is the
>host key which identifies the host (in your case: the nanoBSD
>box). This key is stored in the SSH client's key database for
>reference because the key of a box typically does not change.
..
>As explained, this host key is generated when no key is found
>at startup. As soon as you make it permanent to your nanoBSD
>installation, the key will obviously stay the same, and the
>SSH client won't complain

i made my ssh server key permanent on my nanoBSD server, by moving /etc/ssh/ files to /cfg/ssh files (i think those two files named dsa_key are enough, but in this test, i copied all files in the source dir..) and now there are no compliments from any clients, thanks to Polytropon and Lowell and Aldis. :)

>Cryptography in general is quite complicated, and ssh is a lot more
>complicated than just its cryptography.

and also thank you all for your patience and good explanations :)

Best Regards,
t.a.k
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh server hashcode change on nanoBSD
On Tue, 1 Jan 2013 18:59:05 +0330, takCoder wrote:
> thank you for the details mentioned :)
>
> but now, a question occurred to me about this ssh key.
> as i don't know enough about its process, would you please tell me whether
> this key is a shared key for all ssh clients who send a request? or it
> differs as the client changes?

The key received in the first step of a SSH session is the host key which identifies the host (in your case: the nanoBSD box). This key is stored in the SSH client's key database for reference because the key of a box typically does not change. If it changes - there should be a valid reason for it, or it might look like "there's something wrong here".

As explained, this host key is generated when no key is found at startup. As soon as you make it permanent to your nanoBSD installation, the key will obviously stay the same, and the SSH client won't complain.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: ssh server hashcode change on nanoBSD
Don't top-post, please.

takCoder writes:

> but now, a question occurred to me about this ssh key.
> as i don't know enough about its process, would you please tell me whether
> this key is a shared key for all ssh clients who send a request? or it
> differs as the client changes?

There are a number of keys involved in ssh. The host keys are used at the start of the connection to make sure that some other machine doesn't impersonate the one you wanted. The encryption of the data happens with per-session keys, which are not only different for each client, but for every session. The two types of keys are not related to each other.

> (this question may sound a bit newbiesh, but i don't know much about the
> ssh process, sorry :) )

Cryptography in general is quite complicated, and ssh is a lot more complicated than just its cryptography.
Re: ssh server hashcode change on nanoBSD
thank you for the details mentioned :)

but now, a question occurred to me about this ssh key.
as i don't know enough about its process, would you please tell me whether this key is a shared key for all ssh clients who send a request? or it differs as the client changes?

(this question may sound a bit newbiesh, but i don't know much about the ssh process, sorry :) )

Best Regards,
t.a.k

On Tue, Jan 1, 2013 at 6:10 PM, Polytropon wrote:
> On Tue, 1 Jan 2013 14:11:21 +0330, takCoder wrote:
> > everything is fine until i restart my nanoBSD server. the problem is that
> > each time i restart my server, the source system is complaining about that
> > i need to edit my known_hosts file cause my nanoBSD hash-code is not
> > matched..
> >
> > how can i fix this?! it really bothers me cause i think of it as a security
> > problem.. i can't risk such things on my server..
>
> You should make the key permanent (i. e. include it on the
> boot media you're using). In case no key is found at sshd
> startup, a new one will be generated - a different one each
> time, of course. So what you're seeing seems to be "normal",
> even though not desired at all. :-)
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
Re: ssh server hashcode change on nanoBSD
On Tue, 1 Jan 2013 14:11:21 +0330, takCoder wrote:
> everything is fine until i restart my nanoBSD server. the problem is that
> each time i restart my server, the source system is complaining about that
> i need to edit my known_hosts file cause my nanoBSD hash-code is not
> matched..
>
> how can i fix this?! it really bothers me cause i think of it as a security
> problem.. i can't risk such things on my server..

You should make the key permanent (i. e. include it on the boot media you're using). In case no key is found at sshd startup, a new one will be generated - a different one each time, of course. So what you're seeing seems to be "normal", even though not desired at all. :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: ssh server hashcode change on nanoBSD
>-- Forwarded message --
>From: Aldis Berjoza
>Date: Tue, Jan 1, 2013 at 2:17 PM
>Subject: Re: ssh server hashcode change on nanoBSD
>
>I've never used NanoBSD, but, check if ssh daemon can write to /etc/ssh/ otherwise it
>won't be able to save ssh_host_* keys
>Or you can create ssh_host keys and embed them in your NanoBSD image
>--
>Aldis Berjoza
>FreeBSD addict

thank you :)

for the ones who know about nanobsd, i've got a /cfg on nanobsd. during nanoBsd startup, files in /etc are replaced with their new version in /cfg, if any; (as /etc is a md here).

so, in the case i explained above, i just needed to copy /etc/ssh/* to /cfg/ssh/ and now, everything is fine :)

Best Regards,
t.a.k

On Tue, Jan 1, 2013 at 2:11 PM, takCoder wrote:
> hi everyone,
>
> i've got a nanoBSD server. when i ssh to it from another bsd system,
> first time everything is fine. the source bsd system asks me whether i
> trust my nanoBSD server or not and i apply y and the nanoBSD hash key is
> written in known_hosts file.
>
> everything is fine until i restart my nanoBSD server. the problem is that
> each time i restart my server, the source system is complaining about that
> i need to edit my known_hosts file cause my nanoBSD hash-code is not
> matched..
>
> how can i fix this?! it really bothers me cause i think of it as a
> security problem.. i can't risk such things on my server..
>
> would someone please give me a hand on this?
>
> always grateful of all your helps here :)
>
> Best Regards,
> t.a.k
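
Added example, not part of the original thread: a small sh helper for the fix described above, copying only the ssh_host_* key files from the live /etc/ssh to the persistent /cfg/ssh and checking that the two copies stay identical. The function names are hypothetical, and the need to mount /cfg before writing to it is an assumption about the usual NanoBSD layout.

```shell
#!/bin/sh
# Added example: persist sshd host keys so they survive a reboot.
# Assumed use on the box (usual NanoBSD layout, /cfg not mounted by default):
#   mount /cfg && persist_host_keys /etc/ssh /cfg/ssh; umount /cfg

# persist_host_keys SRC DST
# Copies every ssh_host_*key (and its .pub, if present) from SRC to DST,
# verifies each private key byte-for-byte, and prints the number of keys.
persist_host_keys() {
    src=$1 dst=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    mkdir -p "$dst" || return 2
    copied=0
    for key in "$src"/ssh_host_*key; do
        [ -f "$key" ] || continue            # glob matched nothing
        name=${key##*/}
        cp -p "$key" "$dst/$name" || return 1
        chmod 600 "$dst/$name"               # private key: owner only
        if [ -f "$key.pub" ]; then
            cp -p "$key.pub" "$dst/$name.pub" || return 1
            chmod 644 "$dst/$name.pub"
        fi
        cmp -s "$key" "$dst/$name" || return 1
        copied=$((copied + 1))
    done
    [ "$copied" -gt 0 ] || { echo "no host keys in $src" >&2; return 3; }
    echo "$copied"
}

# keys_in_sync SRC DST
# Succeeds only if every live host key in SRC has an identical copy in DST.
# A failure after a reboot means sshd generated fresh keys, which is exactly
# what makes clients report a changed host key.
keys_in_sync() {
    for key in "$1"/ssh_host_*key; do
        [ -f "$key" ] || return 1            # no live keys at all
        cmp -s "$key" "$2/${key##*/}" || return 1
    done
}
```

Run keys_in_sync after the next reboot; if it fails, the client-side known_hosts warning is expected until the persisted keys are actually restored at startup.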