Reuse of private RSA hostKey, but warnings still shows up #73

Open
consideRatio opened this issue Jul 21, 2022 · 1 comment

consideRatio commented Jul 21, 2022

The following command...

sftp -P 2222 [email protected]

Can lead to the following warning...

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: POSSIBLE DNS SPOOFING DETECTED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [hub.jupytearth.org]:2222 has changed,
and the key for the corresponding IP address [54.190.190.96]:2222
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@  WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!   @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

This happens even if we reuse an RSA key via #44.

Why?

Could it be that a public key is re-created from the fixed private key, and that public key is changed slightly via a timestamp or similar, and that causes this warning?

It seems that the provided hostKey helm chart configuration is only consumed here, as a path to the private RSA key provided.

async def start_server(self):
    await asyncssh.listen(
        host="",
        port=self.port,
        server_factory=partial(NotebookSSHServer, self),
        line_editor=False,
        password_auth=True,
        server_host_keys=[self.host_key_path],

consideRatio commented

Related

Questions

  • Is my guess reasonable that the public key seems different, and that is what's warned about?
  • What makes the public key look different when generated from the private key provided?
  • Can we make the generated public key be the same or pre-generate it in a consistent way?
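
Added example, not part of the issue and not the project's code: it builds the ssh-rsa public key blob from the RSA public values e and n, computes the SHA256 fingerprint form that OpenSSH prints, and compares a presented key against known_hosts entries for the hostname and the IP address quoted in the warning above. The moduli are constructed toy values rather than real keys, the function names are hypothetical, and only plain (unhashed) known_hosts lines are handled.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    # RFC 4251 "string": 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    # RFC 4251 "mpint" for a positive integer; leading zero byte if the top bit is set
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def rsa_public_blob(e: int, n: int) -> bytes:
    # The ssh-rsa public key blob holds only the key type, e and n
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def fingerprint(blob: bytes) -> str:
    # Unpadded base64 of SHA-256 over the blob, prefixed with "SHA256:"
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check_host(known_hosts: str, host: str, port: int, presented: bytes) -> str:
    # Returns "match", "changed" or "unknown" for plain (unhashed) entries
    marker = host if port == 22 else f"[{host}]:{port}"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "ssh-rsa" and marker in fields[0].split(","):
            return "match" if base64.b64decode(fields[2]) == presented else "changed"
    return "unknown"

# Constructed toy moduli (products of Mersenne primes), not usable keys
E = 65537
N_FIXED = (2**127 - 1) * (2**89 - 1)  # stands in for the reused hostKey
N_OLD = (2**107 - 1) * (2**61 - 1)    # stands in for a key a client cached earlier

def demo() -> dict:
    server = rsa_public_blob(E, N_FIXED)
    stale = "[hub.jupytearth.org]:2222 ssh-rsa " + base64.b64encode(rsa_public_blob(E, N_OLD)).decode()
    fresh = "[hub.jupytearth.org]:2222 ssh-rsa " + base64.b64encode(server).decode() + " any comment"
    return {
        "stable": fingerprint(server) == fingerprint(rsa_public_blob(E, N_FIXED)),
        "stale_name": check_host(stale, "hub.jupytearth.org", 2222, server),
        "new_ip": check_host(stale, "54.190.190.96", 2222, server),
        "after_update": check_host(fresh, "hub.jupytearth.org", 2222, server),
    }

if __name__ == "__main__":
    print(demo())
```

The blob, and so the fingerprint, is a function of e and n alone; the trailing comment field of a known_hosts line does not enter the comparison.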
