Jason McIntosh: August 2008 Archives

Anyone who has used Unix more than a little has probably seen this message. I estimate I've seen it, oh, maybe as many as one hundred times in my career so far.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

It appears when you try to use the ssh command, which opens a secure login session with a remote Unix machine, but your own computer detects that something about the target machine's identity changed between the last time you connected to it and now.

In my experience, every single time this has happened, it's because the remote machine changed its IP address for one reason or another. That's not something that normally happens often to an individual machine, but when your normal daily routine involves connecting to an ever-changing variety of computers
via ssh, it's not an entirely rare phenomenon, either. So, I end up seeing this message once a month or more.

Its all-caps, exclamation-point-studded text is clearly meant to convey alarm and urge immediate wariness, but after you've seen it a handful of times, all that stuff is completely invisible. When I see it now, I think: Oh, has this machine's IP changed? Yes, I suppose it has. OK. It's good that I think that, but it has rather little to do with the words on the screen.

More valuable is the fact that ssh will refuse to create the connection until you edit a file containing the target machine's public key. (Typically, you just blow away the old key and let ssh generate a fresh one for the target machine's new identity.) This is correct behavior, and forces the user to think about what they're doing. I just wish that its programmers (or, today, its maintainers) chose a warning message that looks less like screaming paranoia that users will start to ignore the third time they see it, and more like rational admonition requiring a prudent safeguard. Hey, something changed. As a security precaution, I'm not letting you make this connection until you edit your .ssh/known_hosts file. You should only do this if you know why the target machine changed its identity. If you're not sure about this, consult your system administrator. That's all.

Our office space and mailing address have moved. From now on, please address all written correspondence and other postal materials to:

Appleseed Software Consulting
24 Lexington Ave.
#1
Somerville, MA 02144

This is the only pointer-change; all relevant email addresses and phone numbers remain as they were.

A List Apart, an online magazine about web design (in both the graphical and application-interface sense), has posted a new survey for web professionals, in an effort to construct a snapshot of the state of this young but enormous industry. Anyone who falls under the statement "I make websites" is invited to participate, anywhere in the world.

They did this last year, too, and this is an improved version of the survey based on what they learned as a result. I hadn't heard of that first attempt, but apparently its results impressed plenty of folks, as I've run into several pointers towards this followup effort. (And now you have another one.) I am definitely looking forward to seeing the results.

A bit of behind-the-scenes for you: when I first went independent last year, I gave myself the title "web architect", but wise friends advised me to drop that for being a phrase rather meaningless to anyone outside the profession - and, indeed, when I used it at local business conferences, I found myself having to explaining what it meant to nearly everyone I handed my card to. So I took on "software consultant" as a mantle, and have been trying hard to live up to that since. You can imagine, then, my surprise at discovering that "consultant" wasn't an option, but "architect" was, in this survey's multiple-choice list of job titles! "Other" it is, for me.