[Labs-l] Fingerprint change
Tim Landscheidt
tim at tim-landscheidt.de
Thu Aug 27 00:16:29 UTC 2015
Huji Lee <huji.huji at gmail.com> wrote:
> No, the banner is shown BEFORE authentication is made; see sshd_config
> <http://linux.die.net/man/5/sshd_config>.
> [...]
Yes, but the fingerprint is checked before any banner is
transmitted. I just confirmed that by setting Banner on a
host, reloading sshd, connecting to it, confirming the ban-
ner is shown, changing the host's fingerprint in my
~/.ssh/known_hosts and trying to connect again. /Before/
the banner was displayed, the message:
| The authenticity of host '$host (<no hostip for proxy command>)' can't be established.
| ECDSA key fingerprint is $fingerprint.
| Are you sure you want to continue connecting (yes/no)? no
was shown.
Tim
More information about the Labs-l
mailing list