Ping a Specific Port

Question

MarkHelms

Asked: 2018-01-31 06:12:49 +0800 CST2018-01-31 06:12:49 +0800 CST 2018-01-31 06:12:49 +0800 CST

alter ssh message for VerifyHostKeyDNS / SSHFP

772

For many of our openssh servers we have their fingerprints in DNS (SSHFP). We do not yet use secure DNS, i.e. though the FP is in DNS, a connect like

    ssh -o VerifyHostKeyDNS=yes <user>@sshserver

will be answered like

    Matching host key fingerprint found in DNS.

and unfortunately, but in full accordance with man man ssh

    Host key verification failed.

Since we have many external clients who come across this message it often invokes confusion and questions. Is there a way to change these messages?

1 Answers

Voted

Gerald Schneider · Answer 1 · 2018-01-31T06:21:51+08:00

Best Answer

Gerald Schneider

2018-01-31T06:21:51+08:002018-01-31T06:21:51+08:00

The messages are hardcoded into the SSH client. So unfortunately without changing the messages in the source code, recompiling the binaries for all possible platforms and distributing those files to your clients, who then have to replace the official binaries with your modified version there is no way to do this.

Extract from sshconnect2.c:

verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
{
    if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
        fatal("Host key verification failed.");
    return 0;
}

1

alter ssh message for VerifyHostKeyDNS / SSHFP

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?