[snip]
>
> One thing I didn't follow in this story is why did this 'virus' change
> the host key?
> It's not like you can't use the old key with the new sshd install, is it?

I see no problem with doing so, I have done so regularly in the past when doing upgrades. As long as you back up your host keys (/etc/ssh) and the hostname remains the same you shouldn't have any issues reusing the old keys once you restore them from your backup. (Which I'm assuming you made before you began your upgrade. <Insert rant about backups from Nick here> :-)

>
> Another thing is trusting the updated hostkey. Imagine you are a
> sysadmin at a university. Do you keep the old hostkey when you
> reinstall the system on a specific host? What about when you upgrade a
> Sun workstation, but keep the old hostname? How am I as a student may
> know if the new hostkey is legitimate? Good thing if I have an entry
> of another Sun workstation in the destination network in my
> .ssh/known_hosts, to which I could ssh and see if the host in question
> shows the same signature 'locally', but what if I don't?
>

A list of trusted keys that is accessible for verification, or notifications of hostkey changes, would probably be a good thing. If this is provided users can verify the new hostkey against the list and make sure it is a legitimate key.

Tim Donahue
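
The check against a published list of trusted keys that the reply above suggests, as an added example that is not part of the original message: it computes the SHA256 fingerprint in the form OpenSSH prints and compares it with the list entry for the host. The list format, the hostnames, and both keys are constructed for illustration, and the list is assumed to reach users over a channel other than the SSH connection being verified.

```python
import base64
import hashlib
import struct

def fingerprint(pubkey_line):
    """SHA256 fingerprint, as OpenSSH prints it, of a 'type base64 [comment]' line."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed key type that must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_trusted(text):
    """Parse the published list: one 'hostname fingerprint' pair per line (assumed format)."""
    trusted = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            host, fp = line.split()
            trusted.setdefault(host, set()).add(fp)
    return trusted

def check(host, offered_line, trusted):
    """Return 'match', 'MISMATCH', or 'unknown' (host absent from the list)."""
    known = trusted.get(host)
    if not known:
        return "unknown"
    return "match" if fingerprint(offered_line) in known else "MISMATCH"

def _constructed_key(fill):
    # Constructed ed25519-shaped public key line; not any real host's key.
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

OLD_KEY = _constructed_key(0x11)   # key restored from the /etc/ssh backup
NEW_KEY = _constructed_key(0x22)   # key generated by a fresh install
# Constructed list, as the admin would publish it before the reinstall.
TRUSTED = load_trusted("# host fingerprint\nsun1.example.edu " + fingerprint(OLD_KEY))

if __name__ == "__main__":
    for label, key in (("restored key", OLD_KEY), ("regenerated key", NEW_KEY)):
        print(label, fingerprint(key), check("sun1.example.edu", key, TRUSTED))
```

A host whose backed-up key was restored reports `match`; a regenerated key reports `MISMATCH` until the published list carries its fingerprint.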