[X2Go-Dev] Bug#241: Changed host key cannot be updated

[Heinrich Schuchardt]

Package: x2goclient
Version: 4.0.0.3
Severity: normal

Dear maintainer,

from time to time the SSH key used for identification by a X2GO server 
may change.

When trying to connect the server a pop up is shown:

"Anmeldung fehlgeschlagen"
"Host-Key des Servers hat sich geändert Er lautet jetzt:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Aus Sicherheitsgründen wird die Verbindung abgebrochen"

The user is left puzzled with what he should do next.

There is no indication in which file there is a problem, e.g.
~/.ssh/known_hosts
or
%APPDATA%\ssh\known_hosts

There is no indication which entry in this file is corrupted.

Deleting file known_hosts is a bad idea because it may contain the keys 
for dozens of validated servers.

There are examples of more informative output, e.g. from command line 
program ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this 
message.
Offending RSA key in /home/user/.ssh/known_hosts:1
RSA host key for 10.0.0.5 has changed and you have requested strict 
checking.
Host key verification failed.

Here I can identify the filename: /home/user/.ssh/known_hosts
and the line of the the entry: 1

Manual editing of known_hosts is now possible but not too good an idea 
because it is error prone.

A good solution is what you see in PuTTY. A warning pop up is shown and 
you get the choice to update file known_hosts.

Best regards

Heinrich Schuchardt