mirror of
https://github.com/debauchee/barrier.git
synced 2026-05-15 14:16:02 -06:00
[GH-ISSUE #685] remove old ssh fingerprint if using barrier between machines with old fingerprints #541
Labels
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/barrier#541
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @allegfede on GitHub (May 22, 2020).
Original GitHub issue: https://github.com/debauchee/barrier/issues/685
Operating Systems
Server: ubuntu 19.10 64bit (barrier 2.3.1 release 0)
Client: Raspbian 10 buster (barrier 2.2.0 release 0)
on server errors on log like this:
[2020-05-22T18:04:38] INFO: starting server
[2020-05-22T18:04:38] INFO: config file: /tmp/Barrier.FhTHNA
[2020-05-22T18:04:38] INFO: log level: INFO
barriers: no configuration available
[2020-05-22T18:04:38] ERROR: cannot read configuration "/tmp/Barrier.imIpqW": read error: line 2: invalid screen name "Senza nome"
SOLUTION: add the client name (actutally raspberrypi)
on client:
server refused client with our name
[2020-05-22T18:12:39] NOTE: connecting to '192.168.1.232': 192.168.1.232:24800
[2020-05-22T18:12:39] INFO: OpenSSL 1.1.1d 10 Sep 2019
[2020-05-22T18:12:39] NOTE: server fingerprint: 09:EC:F2:1C:99:52:B3:B4:8D:01:3A:A0:8A:D7:D7:4F:B9:BF:10:AC
[2020-05-22T18:12:39] INFO: connected to secure socket
[2020-05-22T18:12:39] INFO: server ssl certificate info: /CN=Barrier
[2020-05-22T18:12:39] INFO: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[2020-05-22T18:12:39] ERROR: server refused client with name "raspberrypi"
SOLUTION:
ssh-keygen -f "/home/v1p3r/.ssh/known_hosts" -R "192.168.1.18"
....... that replies:
Host 192.168.1.18 found: line 2
/home/v1p3r/.ssh/known_hosts updated.
Original contents retained as /home/v1p3r/.ssh/known_hosts.old
Now they both connect.
PS: i got the hint when trying to connect trought ssh:
ssh pi@192.168.1.18
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:MfqtHpOrtnlp6mZmxDSO1haqdGDbLT7CGaabKq89sMg.
Please contact your system administrator.
Add correct host key in /home/v1p3r/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/v1p3r/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/v1p3r/.ssh/known_hosts" -R "192.168.1.18"
ECDSA host key for 192.168.1.18 has changed and you have requested strict checking.
Host key verification failed.
@simons-public commented on GitHub (May 25, 2020):
@allegfede Barrier uses it's own fingerprints that are not shared with ssh. On Linux the fingerprints are located at
~/.local/share/barrier/SSL/Fingerprints.Also, it would be a security concern to automatically remove old fingerprints. The main reason they exist is to prevent other computers from masquerading as a machine you have configured. It would be undesirable for old fingerprints to be automatically removed from barrier or ssh.
@shymega commented on GitHub (May 25, 2020):
Sorry, meant to reply to this. @simons-public is quite correct. Barrier doesn't use SSH at all, but SSL instead.
Closing now.