On 03/05/06, Chris Kuethe <[EMAIL PROTECTED]> wrote:
> On 5/2/06, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:
> > Another thing is trusting the updated hostkey. Imagine you are a
> > sysadmin at a university. Do you keep the old hostkey when you
> > reinstall the system on a specific host? What about when you upgrade a
> > Sun workstation, but keep the old hostname? How may I as a student
> > know if the new hostkey is legitimate? Good thing if I have an entry
> > of another Sun workstation in the destination network in my
> > .ssh/known_hosts, to which I could ssh and see if the host in question
> > shows the same signature 'locally', but what if I don't?
>
> Yes, we do try hard to keep the host keys the same. I get very grumpy
> at people who change host keys without a good reason.

If you back up a key from an old workstation onto a new workstation,
and then dispose of the old workstation [in the university setting],
then what if the intruder gets access to the HDD data (i.e. the key)
of the old workstation?

C.