On Fri, 2012-02-17 at 14:41 +0100, [email protected] wrote: > Hi list, > > after swapping a server and trying to connect to it with X2Go, > x2goclient greets me with > > --------------------------- > Authentification failed > --------------------------- > Host key for server changed. > It is now: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx > For security reasons, connection will be stopped > --------------------------- > OK > --------------------------- > > In the same situation, the NX client would ask if the key should be updated. > > I can see that offering such a direct option is a good idea from a > usability viewpoint, but a bad one from a security viewpoint, as users > tend to click yes/allow on every popup they see. > > The current approach of x2goclient is the total opposite. > > A moderately experienced Linux user might figure out that ssh-keygen -R > <hostip> will help, but to a Windows user, this will be an unsolvable > mystery. > > I would like to suggest adding an option to remove/update the key from > within the X2Go-Client. However, to avoid "user click-through", it > should be somewhere in the menu, and the popup message should be amended > with a note pointing to that menu. <snip> That's an interesting compromise :) - John
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
