Stefan Sperling wrote on Sat, 20 Jul 2019 09:51 +00:00:
> But as a user I find it infuriating when software I use contains
> artificial restrictions like this. We should assume our users know
> what they are doing. Subversion is not a web browser.
I'm not entirely sure I'm convinced by this logic. Let's take OpenSSH for example:
[[[
% ed .ssh/known_hosts
g/^hermes/d
s/^[^ ]*/hermes.apache.org/
w
q
% ssh hermes.apache.org
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:gJUlDrKOTnUQ/lAx6eM4Ylq6z/5ere2tJoLEgrfM++A.
Please contact your system administrator.
Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/daniel/.ssh/known_hosts:26
remove with:
ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R hermes.apache.org
ECDSA host key for hermes.apache.org has changed and you have requested strict checking.
Host key verification failed.
zsh: exit 255 ssh hermes.apache.org
]]]
The error message does not give a way to continue the operation, but it
does tell you what command to run if you would like to proceed anyway.
This way, the buck stops with the user, but the program makes it quite
clear that this is an abnormal situation and caution should be
exercised.
Should we do something similar (but without the all-caps? That's why
I proposed writing a command that takes a certificate on stdin and marks
it as trusted.
Daniel
Received on 2019-07-20 20:54:39 CEST