[27585] in Source-Commits


home	help	back	first	fref	pref	prev	next	nref	lref	last	post
ssh-client-config commit: Add GlobalKnownHostsFile for athena.dialup and scripts

daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Tue Feb 4 00:45:16 2014

Date: Tue, 4 Feb 2014 00:45:09 -0500
From: Anders Kaseorg <andersk@MIT.EDU>
Message-Id: <201402040545.s145j9nV006436@drugstore.mit.edu>
To: source-commits@MIT.EDU

https://github.com/mit-athena/ssh-client-config/commit/22f2687a66032603bc2d9426d428c17671033c01
commit 22f2687a66032603bc2d9426d428c17671033c01
Author: Anders Kaseorg <andersk@mit.edu>
Date:   Sun Feb 2 21:53:14 2014 -0500

    Add GlobalKnownHostsFile for athena.dialup and scripts
    
    Signed-off-by: Anders Kaseorg <andersk@mit.edu>

 debian/changelog                           |    3 +++
 debian/debathena-ssh-client-config.install |    1 +
 debian/transform_ssh_config.debathena      |    1 +
 ssh_known_hosts.debathena                  |    3 +++
 4 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 908836d..d7cf39a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ debathena-ssh-client-config (1.7) UNRELEASED; urgency=medium
   * Disable GSSAPIKeyExchange.  Unfortunately, it seems to have security
     problems with hostname canonicalization for which we currently have no
     mitigation mechanism.  (Trac: #1386)
+  * Add GlobalKnownHostsFile with known keys for athena.dialup.mit.edu and
+    scripts.mit.edu, to reduce extra prompts from disabling
+    GSSAPIKeyExchange.
 
  -- Anders Kaseorg <andersk@mit.edu>  Sun, 02 Feb 2014 19:58:05 -0500
 
diff --git a/debian/debathena-ssh-client-config.install b/debian/debathena-ssh-client-config.install
new file mode 100644
index 0000000..aa93c52
--- /dev/null
+++ b/debian/debathena-ssh-client-config.install
@@ -0,0 +1 @@
+ssh_known_hosts.debathena etc/ssh
diff --git a/debian/transform_ssh_config.debathena b/debian/transform_ssh_config.debathena
index 54cef53..927f89a 100755
--- a/debian/transform_ssh_config.debathena
+++ b/debian/transform_ssh_config.debathena
@@ -1,3 +1,4 @@
 #!/usr/bin/perl -0p
 s/^\s*#?\s*GSSAPIAuthentication.*\n//mg;
 s/$/\n    GSSAPIAuthentication yes/ or die;
+s/$/\n    GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts \/etc\/ssh\/ssh_known_hosts2 \/etc\/ssh\/ssh_known_hosts.debathena/ or die;
diff --git a/ssh_known_hosts.debathena b/ssh_known_hosts.debathena
new file mode 100644
index 0000000..b0d319c
--- /dev/null
+++ b/ssh_known_hosts.debathena
@@ -0,0 +1,3 @@
+athena.dialup,athena.dialup.mit.edu,test.dialup,test.dialup.mit.edu,ftp.dialup,ftp.dialup.mit.edu,linux.dialup,linux.dialup.mit.edu,x.dialup,x.dialup.mit.edu,athena-x.dialup,athena-x.dialup.mit.edu,all-night-tool,all-night-tool.dialup,all-night-tool.mit.edu,all-night-tool.dialup.mit.edu,biohazard-cafe,biohazard-cafe.dialup,biohazard-cafe.mit.edu,biohazard-cafe.dialup.mit.edu,buzzword-bingo,buzzword-bingo.dialup,buzzword-bingo.mit.edu,buzzword-bingo.dialup.mit.edu,contents-vnder-pressvre,contents-vnder-pressvre.dialup,contents-vnder-pressvre.mit.edu,contents-vnder-pressvre.dialup.mit.edu,department-of-alchemy,department-of-alchemy.dialup,department-of-alchemy.mit.edu,department-of-alchemy.dialup.mit.edu,grumpy-fuzzball,grumpy-fuzzball.dialup,grumpy-fuzzball.mit.edu,grumpy-fuzzball.dialup.mit.edu,home-on-the-dome,home-on-the-dome.dialup,home-on-the-dome.mit.edu,home-on-the-dome.dialup.mit.edu,mass-toolpike,mass-toolpike.dialup,mass-toolpike.mit.edu,mass-toolpike.dialup.mit.ed!
 u,mint-square,mint-square.dialup,mint-square.mit.edu,mint-square.dialup.mit.edu,nerd-xing,nerd-xing.dialup,nerd-xing.mit.edu,nerd-xing.dialup.mit.edu,no-knife,no-knife.dialup,no-knife.mit.edu,no-knife.dialup.mit.edu,scrubbing-bubbles,scrubbing-bubbles.dialup,scrubbing-bubbles.mit.edu,scrubbing-bubbles.dialup.mit.edu,ten-thousand-dollar-bill,ten-thousand-dollar-bill.dialup,ten-thousand-dollar-bill.mit.edu,ten-thousand-dollar-bill.dialup.mit.edu ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyIC4b705cYi5ppJuGvojY1Ux7zbWDUjAXBEPjpXY9uK2FqYLDNGL0wnSOD2l55M8GX+3Ks3/eJVvQFegOt3tzZRkfi52TPAE0FRF/zbi7nnODNSf/kHhuwQwHJCTAhDIujhgXAgscIIY/tvllVyCrKEuWRAk58c5zAM4juS+MlM=
+athena.dialup,athena.dialup.mit.edu,test.dialup,test.dialup.mit.edu,ftp.dialup,ftp.dialup.mit.edu,linux.dialup,linux.dialup.mit.edu,x.dialup,x.dialup.mit.edu,athena-x.dialup,athena-x.dialup.mit.edu,all-night-tool,all-night-tool.dialup,all-night-tool.mit.edu,all-night-tool.dialup.mit.edu,biohazard-cafe,biohazard-cafe.dialup,biohazard-cafe.mit.edu,biohazard-cafe.dialup.mit.edu,buzzword-bingo,buzzword-bingo.dialup,buzzword-bingo.mit.edu,buzzword-bingo.dialup.mit.edu,contents-vnder-pressvre,contents-vnder-pressvre.dialup,contents-vnder-pressvre.mit.edu,contents-vnder-pressvre.dialup.mit.edu,department-of-alchemy,department-of-alchemy.dialup,department-of-alchemy.mit.edu,department-of-alchemy.dialup.mit.edu,grumpy-fuzzball,grumpy-fuzzball.dialup,grumpy-fuzzball.mit.edu,grumpy-fuzzball.dialup.mit.edu,home-on-the-dome,home-on-the-dome.dialup,home-on-the-dome.mit.edu,home-on-the-dome.dialup.mit.edu,mass-toolpike,mass-toolpike.dialup,mass-toolpike.mit.edu,mass-toolpike.dialup.mit.ed!
 u,mint-square,mint-square.dialup,mint-square.mit.edu,mint-square.dialup.mit.edu,nerd-xing,nerd-xing.dialup,nerd-xing.mit.edu,nerd-xing.dialup.mit.edu,no-knife,no-knife.dialup,no-knife.mit.edu,no-knife.dialup.mit.edu,scrubbing-bubbles,scrubbing-bubbles.dialup,scrubbing-bubbles.mit.edu,scrubbing-bubbles.dialup.mit.edu,ten-thousand-dollar-bill,ten-thousand-dollar-bill.dialup,ten-thousand-dollar-bill.mit.edu,ten-thousand-dollar-bill.dialup.mit.edu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDz2XfcQvjx2Pd2pIWTPJYuNskw9D9QdtCVnCTsV+FIBno00PAWaeZztcwhplPa4A5u9IjVRJZzep6rX+0bqqGY=
+scripts,scripts.mit.edu,scripts-vhosts,scripts-vhosts.mit.edu,scripts-test,scripts-test.mit.edu,scripts1,scripts1.mit.edu,better-mousetrap,better-mousetrap.mit.edu,scripts2,scripts2.mit.edu,old-faithful,old-faithful.mit.edu,scripts3,scripts3.mit.edu,bees-knees,bees-knees.mit.edu,scripts4,scripts4.mit.edu,cats-whiskers,cats-whiskers.mit.edu,scripts5,scripts5.mit.edu,whole-enchilada,whole-enchilada.mit.edu,scripts6,scripts6.mit.edu,pancake-bunny,pancake-bunny.mit.edu,scripts7,scripts7.mit.edu,busy-beaver,busy-beaver.mit.edu,scripts8,scripts8.mit.edu,real-mccoy,real-mccoy.mit.edu,shining-armor,shining-armor.mit.edu,scripts10,scripts10.mit.edu,golden-egg,golden-egg.mit.edu,scripts11,scripts11.mit.edu,miracle-cure,miracle-cure.mit.edu,scripts12,scripts12.mit.edu,lucky-star,lucky-star.mit.edu ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7!
 wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==

home	help	back	first	fref	pref	prev	next	nref	lref	last	post
[27585] in Source-Commits

ssh-client-config commit: Add GlobalKnownHostsFile for athena.dialup and scripts

daemon@ATHENA.MIT.EDU (Anders Kaseorg)Tue Feb 4 00:45:16 2014

daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Tue Feb 4 00:45:16 2014
