Conflict with managed/unmanaged domains
I have one server with 2 different domains:
- NAME.$domain: under monkeysphere management.
- git.$domain: not under monkeysphere management.
First I can connect to the server via git.$domain:
(0) rhatto@box:~ $ ssh git.$domain
Last login: Sun Nov 14 16:52:21 2010 from box
(0) rhatto@NAME:~ $ logout
Then I connect via NAME.$domain:
(0) rhatto@box:~ $ ssh NAME.$domain
Last login: Sun Nov 14 16:52:21 2010 from box
(0) rhatto@NAME:~ $ logout
If I try to connect again via git.$domain, ssh prompts with a fingerprint confirmation question:
(0) rhatto@box:~ $ ssh git.$domain
The authenticity of host '[git.$domain]:2204 (<no hostip for proxy command>)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
(255) rhatto@box:~ $
Again, with debug enabled:
First I can connect to the server via git.$domain:
(0) rhatto@ratten:~ $ MONKEYSPHERE_LOG_LEVEL=debug ssh -p 2204 git.$domain
ms: checking path permission '/home/rhatto/.ssh/known_hosts'...
ms: checking '/home/rhatto/.ssh/known_hosts'
ms: checking '/home/rhatto/.ssh'
ms: tracing link /home/rhatto to /mnt/crypt/home/rhatto
ms: checking '/mnt/crypt/home/rhatto'
ms: checking '/mnt/crypt/home'
ms: checking '/mnt/crypt'
ms: checking '/mnt'
ms: checking '/'
ms: lock created on '/home/rhatto/.ssh/known_hosts'.
ms: processing: git.$domain:2204
ms: checking keyserver pool.sks-keyservers.net...
ms: no primary keys found.
ms: lock touched on '/home/rhatto/.ssh/known_hosts'.
ms: lock removed on '/home/rhatto/.ssh/known_hosts'.
Last login: Sun Nov 14 17:01:29 2010 from box
(0) rhatto@NAME:~ $ logout
Then I connect via NAME.$domain:
(0) rhatto@ratten:~ $ MONKEYSPHERE_LOG_LEVEL=debug ssh NAME.$domain
ms: checking path permission '/home/rhatto/.ssh/known_hosts'...
ms: checking '/home/rhatto/.ssh/known_hosts'
ms: checking '/home/rhatto/.ssh'
ms: tracing link /home/rhatto to /mnt/crypt/home/rhatto
ms: checking '/mnt/crypt/home/rhatto'
ms: checking '/mnt/crypt/home'
ms: checking '/mnt/crypt'
ms: checking '/mnt'
ms: checking '/'
ms: lock created on '/home/rhatto/.ssh/known_hosts'.
ms: processing: NAME.$domain:2204
ms: primary key found: XXXXXXXXXXXXXXXX
ms: * acceptable primary key.
ms: lock touched on '/home/rhatto/.ssh/known_hosts'.
ms: lock removed on '/home/rhatto/.ssh/known_hosts'.
ms: known_hosts file updated.
Last login: Sun Nov 14 17:01:34 2010 from box
(0) rhatto@NAME:~ $
If I try to connect again via git.$domain, ssh prompts with a fingerprint confirmation question:
(0) rhatto@ratten:~ $ MONKEYSPHERE_LOG_LEVEL=debug ssh -p 2204 git.$domain
ms: checking path permission '/home/rhatto/.ssh/known_hosts'...
ms: checking '/home/rhatto/.ssh/known_hosts'
ms: checking '/home/rhatto/.ssh'
ms: tracing link /home/rhatto to /mnt/crypt/home/rhatto
ms: checking '/mnt/crypt/home/rhatto'
ms: checking '/mnt/crypt/home'
ms: checking '/mnt/crypt'
ms: checking '/mnt'
ms: checking '/'
ms: lock created on '/home/rhatto/.ssh/known_hosts'.
ms: processing: git.$domain:2204
ms: checking keyserver pool.sks-keyservers.net...
ms: no primary keys found.
ms: lock touched on '/home/rhatto/.ssh/known_hosts'.
ms: lock removed on '/home/rhatto/.ssh/known_hosts'.
The authenticity of host '[git.$domain]:2204 (<no hostip for proxy command>)
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
(255) rhatto@ratten:~ $
Disabling monkeysphere makes this problem disappear. So it looks like monkeysphere is removing my known_hosts entry for git.domain when it finds a matching key for NAME.domain.
I wonder if this is a bug or if it's expected from the administrators to keep all keys under monkeysphere management.
(from redmine: created on 2010-11-14, closed on 2010-11-18)
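One way to check the hypothesis in the report above, as an added example that is not part of the original report or of monkeysphere's code: compare a copy of known_hosts saved before connecting to the managed name with the file afterwards, and list entries that vanished while the same key still appears under another name. The host names and key blobs in the sample are constructed placeholders.

```python
"""Diff two known_hosts snapshots; flag entries dropped while their key survives elsewhere."""

def parse_known_hosts(text):
    """Return {host_pattern: {(keytype, keyblob), ...}} for every key line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:                # malformed line, skip
            continue
        hosts, keytype, blob = fields[:3]
        # Hashed names (|1|salt|hash) stay opaque but still compare equal across snapshots.
        for host in hosts.split(","):
            entries.setdefault(host, set()).add((keytype, blob))
    return entries

def dropped_entries(before_text, after_text):
    """List (host, keytype, surviving_hosts) for keys present before and gone after."""
    before = parse_known_hosts(before_text)
    after = parse_known_hosts(after_text)
    findings = []
    for host in sorted(before):
        for keytype, blob in sorted(before[host] - after.get(host, set())):
            # Names under which the very same key is still trusted afterwards.
            survivors = sorted(h for h, keys in after.items() if (keytype, blob) in keys)
            findings.append((host, keytype, survivors))
    return findings

# Constructed sample: one server key first trusted under the unmanaged name,
# then found only under the managed name after the second connection.
KEY1 = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY1"
KEY2 = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY2"
BEFORE = f"[git.example.org]:2204 ssh-rsa {KEY1}\nother.example.org ssh-rsa {KEY2}\n"
AFTER = f"[name.example.org]:2204 ssh-rsa {KEY1}\nother.example.org ssh-rsa {KEY2}\n"

if __name__ == "__main__":
    for host, keytype, survivors in dropped_entries(BEFORE, AFTER):
        where = ", ".join(survivors) if survivors else "no other name"
        print(f"dropped: {host} ({keytype}); same key still listed for: {where}")
```

A dropped entry whose key survives under a different name matches the behaviour described in the report; a dropped entry with no survivor points to some other cause.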