Partially Solved! Re:Multiple ssh keys in known_hosts possible?

Mike Kallies mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jul 13 13:20:30 UTC 2007


On 7/13/07, Kihara Muriithi <william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hi pals,
>
> I have come across this problem also, and I ended up giving up. As
> Sorensen just mentioned, the application is designed to avoid
> insecurity due to this situation.
>
> I came across the problem when trying to back up Cisco PIX
> configurations. The script logs in through ssh and pushes the recent
> configuration somewhere else. This works until the backup takeover.
> Since both primary and backup share the same IP, ssh login fails as
> the Primary PIX key is different from the backup key. After reaching
> the end of the rope on finding a solution, I gave up using ssh,
> enabled telnet on pix and that is what is in use for backup. Not a
> secure solution, but working at least.
>
> I would be happy if someone here has a solution for this problem. I
> don't know if Kelly's solution would help, but I will look at it.
> Anyway, a solution that doesn't use a port would be more ideal

I liked the idea of using the same host key on multiple systems.  The
security concern is minimal.  *You* know why they have the same host
key and you know it's not a man in the middle attack.

Technically, I think the real problem is that you should be accessing
them over a management interface rather than the external load
balanced interface.  But... tight budget right?

From a security standpoint, you probably do not want ssh exposed on
all the machines anyway.  As soon as a machine is external facing,
it's extremely important to keep up on all security updates as quickly
as possible, if not faster.  What you should probably do is dedicate
the task of remote management to one pair of external machines.  These
would probably not be used for your primary business, because you
don't want a last-minute-mission-critical ssh patch going in on your
systems with the highest availability.  You need time to test it, or
time to ensure you can respond to an emergency if the patch goes awry
(assuming a shoestring budget).

Then if you need to administer anything else in the environment, you
use SSH tunnels or similar.  It's less convenient, but it is a lot
more secure.

There isn't much point in even clustering SSH.  You might just want to
use different ports.  One for your "primary" administrative gateway,
the second for your "backup" administrative gateway.  If you use
different hostnames for the two systems (with the same IP) in your
/etc/hosts, I'm pretty sure it will get past your key problem for
scripts.

And finally, since you're only using one pair of SSH accounts, only
allow key-based authentication and do not give out accounts to
untrusted people.  This is external facing, people will try strange
things.

-Mike
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
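
One way to express the suggestions in the message above (a separate port and name per gateway, key-only logins, tunnelling to internal machines) as an OpenSSH client configuration. This is an added example, not part of the original message: the host names, user, key file, ports and addresses are constructed, and HostKeyAlias is used here in place of the /etc/hosts aliases the message mentions.

```sshconfig
# ~/.ssh/config on the admin workstation.
# All names, ports and addresses are constructed for illustration;
# 192.0.2.10 is a documentation address.

# Both gateways answer on the same IP but on different ports.
# HostKeyAlias makes ssh store and look up each host key under its own
# name in known_hosts, so the two different keys never collide on the
# shared address.
Host gw-primary
    HostName 192.0.2.10
    Port 22
    HostKeyAlias gw-primary

Host gw-backup
    HostName 192.0.2.10
    Port 2222
    HostKeyAlias gw-backup

# Settings shared by both gateways.
Host gw-primary gw-backup
    User admin
    # Offer only this key and never fall back to a password prompt.
    IdentityFile ~/.ssh/id_gw
    IdentitiesOnly yes
    PasswordAuthentication no
    # Refuse unknown or changed host keys; add both keys to known_hosts
    # out of band before the first scripted run.
    StrictHostKeyChecking yes
    # Do not also record the key under the shared IP address.
    CheckHostIP no

# An internal machine (hypothetical) reached through the gateway
# instead of exposing its own sshd externally.
Host internal-db
    HostName 10.0.0.5
    ProxyJump gw-primary
```

On the gateways themselves, the matching sshd_config settings for key-only logins are `PasswordAuthentication no` and `PubkeyAuthentication yes`.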