Hi list,

after swapping a server and trying to connect to it with X2Go, x2goclient greets me with

---------------------------
Authentification failed
---------------------------
Host key for server changed.
It is now: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
For security reasons, connection will be stopped
---------------------------
OK
---------------------------

In the same situation, the NX client would ask if the key should be updated.

I can see that offering such a direct option is a good idea from a usability viewpoint, but a bad one from a security viewpoint, as users tend to click yes/allow on every popup they see.

The current approach of x2goclient is the total opposite.

A moderately experienced Linux user might figure out that ssh-keygen -R <hostip> will help, but to a Windows user, this will be an unsolvable mystery.

I would like to suggest adding an option to remove/update the key from within the X2Go-Client. However, to avoid "user click-through", it should be somewhere in the menu, and the popup message should be amended with a note pointing to that menu.

-Stefan
_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
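The safe form of the key update discussed in the message above, as an added example that is not part of the original post or of x2goclient's code: the stale known_hosts entry is replaced only when the new key's fingerprint matches a value obtained through a trusted channel. The function names and sample data are hypothetical, only plain (unhashed) known_hosts entries are handled, and the 16-pair value in the dialog is assumed to be an MD5 fingerprint.

```python
import base64
import hashlib
import struct

def md5_fingerprint(key_b64):
    """MD5 of the decoded key blob as 16 colon-separated hex pairs,
    the format shown in the x2goclient dialog."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def replace_host_key(known_hosts, host, new_line, expected_fp):
    """Return known_hosts text with host's stale entries replaced by new_line.

    expected_fp must come from a trusted channel (e.g. read off the server
    console by its admin), never from the warning dialog itself.
    """
    fields = new_line.split()
    if len(fields) < 3 or host not in fields[0].split(","):
        raise ValueError("new_line is not a plain known_hosts entry for " + host)
    if md5_fingerprint(fields[2]) != expected_fp.strip().lower():
        raise ValueError("fingerprint mismatch: existing host key kept")
    kept = []
    for line in known_hosts.splitlines():
        names = line.split()[0].split(",") if line.split() else []
        # Comments, blank lines, other hosts and hashed (|1|...) entries are
        # kept; hashed entries for this host are not matched by this sketch.
        if not line.startswith("#") and host in names:
            continue  # drop the stale key, like ssh-keygen -R
        kept.append(line)
    return "\n".join(kept + [new_line]) + "\n"

def sample_entry(host, fill):
    """Constructed ed25519-shaped entry; the key bytes are filler, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode())

# Constructed sample data: the old key is on file, the swapped server presents a new one.
OLD = sample_entry("server.example", 1)
NEW = sample_entry("server.example", 2)
KNOWN_HOSTS = "# constructed sample\nother.example ssh-rsa AAAA\n" + OLD + "\n"

if __name__ == "__main__":
    trusted_fp = md5_fingerprint(NEW.split()[2])  # stands in for the admin-supplied value
    print(replace_host_key(KNOWN_HOSTS, "server.example", NEW, trusted_fp))
```
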
