Hi Heinrich, On So 16 Jun 2013 14:36:32 CEST Heinrich Schuchardt wrote: > Dear maintainer, > > from time to time the SSH key used for identification by a X2GO > server may change. > > When trying to connect the server a pop up is shown: > > "Anmeldung fehlgeschlagen" > "Host-Key des Servers hat sich geändert Er lautet jetzt: > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 > Aus Sicherheitsgründen wird die Verbindung abgebrochen" > > The user is left puzzled with what he should do next. > > There is no indication in which file there is a problem, e.g. > ~/.ssh/known_hosts > or > %APPDATA%\ssh\known_hosts > > There is no indication which entry in this file is corrupted. > > Deleting file known_hosts is a bad idea because it may contain the > keys for dozens of validated servers. > > There are examples of more informative output, e.g. from command > line program ssh: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that a host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00. > Please contact your system administrator. > Add correct host key in /home/user/.ssh/known_hosts to get rid of > this message. > Offending RSA key in /home/user/.ssh/known_hosts:1 > RSA host key for 10.0.0.5 has changed and you have requested strict checking. > Host key verification failed. > > Here I can identify the filename: /home/user/.ssh/known_hosts > and the line of the the entry: 1 > > Manual editing of known_hosts is now possible but not too good an > idea because it is error prone. > > A good solution is what you see in PuTTY. A warning pop up is shown > and you get the choice to update file known_hosts. > > Best regards The above surely is a good point to discuss first before implementing. Obviously, such a replace-host-key button would improve usability in case host key changes occur. However, if someone captured DNS and replaced my X2Go server by an agressive X2Go server, I (as developer) surely want to protect the user from simply klicking ,,Yeah, ok man... replace that host key... and can we go on then please...''. The SSH-unexperienced user (i.e. probably nearly everyone in the windows world) will then just simply click ,,replace host key''. So, for me this kind of replace-host-key dialog should at least have a double confirmation check dialog: Are you sure to replace... -> Are you really sure???. That kind of thing. Heinrich: if you could come up with a patch for this issue, it would surely speed up an inclusion of your requested feature. @all: comments, opinions on such a new feature? Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb