Open GoogleCodeExporter opened 9 years ago
I've just spent an hour verifying my SSH host keys against backups due to this
issue. I went into full paranoia mode. I believe this should be a high priority
issue as this will cause both false negatives (people believing a host
fingerprint alert to be fine because they have had it on other servers too) and
false positives (where ECDSA is now preferred over RSA).
The change log that I can see on Google Play did not suggest that a change to
host key preference was in the update. I can't really see anything in the
commit log which would explain this change of behaviour either. I've probably
just missed something.
Could the behaviour be changed to tell users that the host key has been
verified by RSA; however, a new ECDSA fingerprint can be saved for future use?
Phone: HTC One m8
Android 5.0.1 with Sense 6.0
Thanks,
Tom
Original comment by tg.mufcn...@gmail.com
on 31 Mar 2015 at 7:24
I ran into the same problem.
Some previously saved host connections don't work anymore.
sshd server auth.log (debug level 3):
Apr 1 00:56:45 sshd[14005]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Apr 1 00:56:45 sshd[14005]: Connection closed by 192.168.1.103 [preauth]
Connections that still work are those where the server has no ECDSA auth.
Possible workarounds are:
* Disabling the ECDSA host key in the sshd_config and restarting (if you have
permission to do this):
#HostKey /etc/ssh/ssh_host_ecdsa_key
* Downgrade the App ;)
Original comment by dammme...@googlemail.com
on 31 Mar 2015 at 11:22
Snap. Latest ConnectBot against Fedora 20, saved connection moans about "Host
key changed", and lists a "Host EC fingerprint" to verify against.
Original comment by tom.chiv...@gmail.com
on 1 Apr 2015 at 6:45
Original issue reported on code.google.com by
far...@gmail.com
on 27 Mar 2015 at 7:54
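
The behaviour requested in the first comment, as an added example (not ConnectBot's code and not written by any commenter): a known-hosts check that separates a key type not yet stored for a host from a changed key of a stored type, and orders the client's host key algorithm preference so stored types are asked for first. The host name, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib
import struct
from enum import Enum

class Verdict(Enum):
    MATCH = "offered key equals the stored key of that type"
    NEW_KEY_TYPE = "host is known, but only under other key types"
    CHANGED = "stored key of this type differs: treat as a real alert"
    UNKNOWN_HOST = "nothing stored for this host"

def key_type(blob: bytes) -> str:
    """Algorithm name from the length-prefixed string that starts a key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or len(blob) < 4 + n:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the unpadded-base64 form OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def classify(known: dict, host: str, offered: bytes) -> Verdict:
    stored = known.get(host)
    if not stored:
        return Verdict.UNKNOWN_HOST
    ktype = key_type(offered)
    if ktype not in stored:
        # Not proof of a changed key, but not trusted either: save it only
        # after the host has been verified with an already stored key.
        return Verdict.NEW_KEY_TYPE
    return Verdict.MATCH if stored[ktype] == offered else Verdict.CHANGED

def preferred_order(known: dict, host: str, defaults: list) -> list:
    """Ask first for key types already stored for this host."""
    stored = known.get(host, {})
    return [t for t in defaults if t in stored] + [t for t in defaults if t not in stored]

def make_blob(ktype: str, payload: bytes) -> bytes:
    """Constructed stand-in blob; real blobs carry key material after the type."""
    name = ktype.encode("ascii")
    return struct.pack(">I", len(name)) + name + payload

# Constructed sample data (not real keys): a host saved with RSA only.
RSA_SAVED = make_blob("ssh-rsa", b"\x01" * 32)
ECDSA_OFFERED = make_blob("ecdsa-sha2-nistp256", b"\x02" * 32)
KNOWN = {"server.example": {"ssh-rsa": RSA_SAVED}}
```

With `preferred_order` applied before key exchange, a host saved under RSA is verified with RSA even when the client's default list puts ECDSA first, so `CHANGED` is only reported when a stored key really differs.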