On Fri, 9 Dec 2016, Harald Dunkel wrote:

> Hi folks,
>
> maybe I am too blind to see, but would it be possible to
> avoid extra entries in known_hosts, if the remote host
> has a signed public key matching a @cert-authority line?
> Something like
>
> Host *
>     HashKnownHosts unsigned
>
> This could help to keep the known_hosts file small and
> yet get all the unsigned public keys in.

Certificates aren't added to known_hosts when the CA is trusted, so this
is pretty much already the behaviour.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
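As an added illustration of the reply above (not code from the original message or from OpenSSH): a Python example that reads known_hosts text and reports whether a host name is covered by a `@cert-authority` line, only by a per-host key line, or by nothing. The sample file, host names, salt and key placeholders are constructed; the code matches names only and does not verify keys or certificates.

```python
import base64
import hashlib
import hmac
import re


def hash_host(host, salt):
    """Build a hashed known_hosts name: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def name_matches(field, host):
    """Match a host against the host-name field of a known_hosts line."""
    if field.startswith("|1|"):  # hashed name: no wildcards or negation apply
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    matched = False
    for pat in field.split(","):
        negated = pat.startswith("!")
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, host):
            if negated:
                return False  # a negated match vetoes the whole line
            matched = True
    return matched


def classify(known_hosts_text, host):
    """'ca' if a @cert-authority line covers host, 'plain' if only a
    per-host key line matches, 'unknown' if no line matches."""
    result = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        if marker == "@revoked" or len(parts) < 3:
            continue
        if name_matches(parts[0], host.lower()):
            if marker == "@cert-authority":
                return "ca"
            result = "plain"
    return result


# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "@cert-authority *.example.com,!legacy.example.com ssh-ed25519 AAAA_PLACEHOLDER_CA host-ca",
    "legacy.example.com ssh-rsa AAAA_PLACEHOLDER_LEGACY",
    hash_host("bastion.example.net", b"constructed-salt-001") + " ssh-ed25519 AAAA_PLACEHOLDER_HASHED",
])
```

Hosts reported as `ca` are the ones for which a certificate signed by the trusted CA is accepted without a per-host entry; `plain` hosts are the ones that still occupy their own line.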