Re: Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Well, known_hosts isn't exactly trusted input, since it's usually
composed of the keys you first encounter, without any additional
checking, as opposed to (hopefully) correctly signed SSHFP records.

On Sat, Feb 23, 2019 at 10:22 PM Peter Stuge <peter@xxxxxxxx> wrote:
>
> Yegor Ievlev wrote:
> > > I think it's a very bad idea to have the client start treating foreign
> > > network input as equivalent to local configuration.
> >
> > Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.
>
> To the client it's still foreign input, even though it's signed by
> (best case) the remote site DNS administrator.
>
>
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux