Jun. 21st, 2012

sawyl: (Default)
Despite the strike, I managed to get a doctor's appointment to get my hearing looked at. It seems as though the proximate cause might be some sort of infection but if it is, it's being exacerbated by large amounts of accreted gunk. So it's ear drops for a couple of weeks in the hope that things will clear up on their own, with a follow-up appointment in a couple of weeks to get everything scrubbed out and my eardrums closely inspected for signs of anything more sinister.

Meanwhile, it looks as though I'm just going to have to put up with not being able to follow conversations. If nothing else, it's going to do wonders for my productivity...
sawyl: (Default)
Spent a big chunk of my afternoon going through the high level implementation of the secure shell protocol, patiently trying to explain to someone (a) why replacing the host keys was necessary; (b) why this work had caused a few transient man-in-the-middle warnings; and (c) why these warnings could not possibly have triggered any of the problems he was concerned about.

Essentially, the problem has occurred because:

  • in order to implement hostbased authentication, each host seems to require a unique public-private key pair (I haven't been able to convince myself, ab initio, that this is necessary, but I've also been unable to get hostbased authentication to work without it)
  • all the OS images are clones of a single instance meaning that they default to using the same host key
  • the only way to apply a customisation is through a post-boot script that copies the host-specific key into place halfway through the boot sequence, creating a window where the host will respond to ssh requests with the wrong host key
  • the caching of host keys in ~/.ssh/known_hosts makes it possible for an invalid host key to be added to the system
  • someone has added StrictHostKeyChecking no to the configuration, causing the commands to work even when the host keys don't match, further adding to the confusion

After explaining all this a couple of times, somewhat incoherently, and following it up with an email, I'm not entirely convinced that I managed to get my point across and I was tempted to round the discussion off with, "Trust me: even if you don't understand it, I do and it isn't a problem..." Fortunately, tact and good sense prevailed over sarcasm and the desire to be patronising.
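
The symptoms in the list above can be checked for mechanically. The following is an added example, not code from the original post: it reads known_hosts-style lines and ssh_config text and reports keys shared by several hosts, hosts seen with more than one key, and lines that turn host key checking off. The hostnames and key blobs in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

def parse_host_keys(text):
    """Yield (host, keytype, key) from known_hosts / ssh-keyscan style lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue  # skip comments and @cert-authority / @revoked entries
        fields = line.split()
        if len(fields) >= 3:
            # Assumption: the first name in a comma list identifies the host.
            yield fields[0].split(",")[0], fields[1], fields[2]

def shared_keys(entries):
    """Keys presented by more than one host: the cloned-image symptom."""
    by_key = defaultdict(set)
    for host, keytype, key in entries:
        by_key[(keytype, key)].add(host)
    return {k: sorted(h) for k, h in by_key.items() if len(h) > 1}

def conflicting_hosts(entries):
    """Hosts recorded with more than one key of a type: the boot-window symptom."""
    by_host = defaultdict(set)
    for host, keytype, key in entries:
        by_host[(host, keytype)].add(key)
    return sorted({h for (h, _), keys in by_host.items() if len(keys) > 1})

def strict_checking_disabled(config_text):
    """Line numbers in ssh_config text that set StrictHostKeyChecking to no/off."""
    pat = re.compile(r'^\s*StrictHostKeyChecking(\s*=\s*|\s+)"?(no|off)"?\s*$', re.I)
    return [n for n, l in enumerate(config_text.splitlines(), 1) if pat.match(l)]

# Constructed sample data, e.g. merged from several users' known_hosts files.
SAMPLE_KEYS = """\
# node02 was cached once before and once after its own key was copied in
node01 ssh-rsa AAAAB3CLONEDIMAGEKEY
node02 ssh-rsa AAAAB3CLONEDIMAGEKEY
node02 ssh-rsa AAAAB3NODE02UNIQUEKEY
node03,10.0.0.3 ssh-rsa AAAAB3NODE03UNIQUEKEY
"""
SAMPLE_CONFIG = "Host *\n    HostbasedAuthentication yes\n    StrictHostKeyChecking no\n"

if __name__ == "__main__":
    entries = list(parse_host_keys(SAMPLE_KEYS))
    print("shared keys:", shared_keys(entries))
    print("conflicting hosts:", conflicting_hosts(entries))
    print("checking disabled on lines:", strict_checking_disabled(SAMPLE_CONFIG))
```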
