> Uri (earlier in this thread) does answer this question clearly (that
> the principal should be the hostname only), and, now that I've found
> PROTOCOL.certkeys, this seems to be spelt out unambiguously there too:
In turn this means:
One cannot expect several SSH services on a single host to be securely distinguishable
from each other by their particular service key. So if one of the SSH services gets
compromised all SSH services on this host are subject to MITM attacks with the private
key of the compromised service.
Yes and no. The standards wisely do not allow port numbers as a part of the DNS identity.
On the other hand, nobody prevents you from having different key pairs for the same host name, given to different servers that you insist should run on the same host but on different ports (for example, I have one “name”, but a pile of certificates and corresponding key pairs for that name that I present to different (appropriate) entities). You can even figure how to mix their port numbers into their names (just don’t make it “hostname” :).
I still think it’s not a very good idea to “securely distinguish several SSH services running on a single host”, but it seems entirely doable if you’re bent on it.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
