----- Original Message -----
> From: "Phil Pennock" <phil.pennock@xxxxxxxxxxx>
> To: openssh-unix-dev@xxxxxxxxxxx
> Sent: Tuesday, 18 February, 2014 9:33:59 AM
> Subject: [PATCH] verify against known fingerprints
>
> I've just written this patch, it's undergone minimal testing and "works
> for me" and I'm after feedback as to acceptability of approach, anything
> I should be doing differently for the feature to be acceptable upstream
> and what I should be doing about automated testing.
>
> Use-case: you have the host's SSH fingerprints via an out-of-band
> mechanism which you trust and want to be able to connect and have
> verification use those known-good fingerprints and, if they match,
> update known_hosts.

Since you already have an out-of-band communication, why not provide a
pre-populated ~/.ssh/known_hosts file through it?

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
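
The check described in the quoted use-case (compare a presented host key against a fingerprint received out of band, and only on a match produce the known_hosts line), as an added example that is not part of this thread or of the proposed patch. The function names, the `keytype base64` input format, `host.example` and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob, algo="sha256"):
    """Fingerprint of a raw public-key blob: SHA256 (base64) or MD5 (colon hex)."""
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    hexed = hashlib.md5(blob).hexdigest()
    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))

def known_hosts_entry(host, pub_line, trusted_fp):
    """Return a known_hosts line only if the presented key matches trusted_fp."""
    keytype, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a text
    # field that disagrees with it means the line was altered or mangled.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    want = trusted_fp.strip()
    if want.startswith("SHA256:"):
        got = fingerprint(blob, "sha256")
    else:  # legacy MD5 hex, with or without an "MD5:" prefix
        want = (want[4:] if want.startswith("MD5:") else want).lower()
        got = fingerprint(blob, "md5")
    if got != want:
        raise ValueError("fingerprint mismatch for %s: got %s" % (host, got))
    return "%s %s %s" % (host, keytype, b64)

def sample_blob(fill):
    """Constructed ed25519-shaped blob with dummy key bytes (not a real host key)."""
    return ((11).to_bytes(4, "big") + b"ssh-ed25519"
            + (32).to_bytes(4, "big") + bytes([fill]) * 32)

# Constructed sample input in public-key file format: "keytype base64".
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(sample_blob(0x41)).decode()

if __name__ == "__main__":
    # Stands in for the fingerprint that would arrive over the trusted channel.
    trusted = fingerprint(sample_blob(0x41))
    print(known_hosts_entry("host.example", SAMPLE_PUB, trusted))
```

A key whose fingerprint differs from the trusted value raises `ValueError`, so nothing is written to known_hosts for it.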