prompt to update a host key


 



As far as I can tell, there currently isn't a straightforward way to
use password authentication for connecting to hosts where the host key
changes frequently. I realize this is a fairly niche use case, but
when developing software for devices that often get reimaged
(resulting in a host key change), it can get pretty tedious to attempt
to connect, get a warning, remove the old host key via text editor or
"ssh-keygen -R", and then connect again.

I'd like to propose adding a new StrictHostKeyChecking option, named
something like "ask-update" or "ask-to-update". This would be like
"ask", except it would prompt the user to update a host key if it has
changed (after printing a suitably scary warning). When connecting to
an unknown host, it would be equivalent to "ask".

I expect users would enable it explicitly for a limited set of hosts,
e.g. by adding a config section like

    Host 192.168.0.*
        StrictHostKeyChecking ask-update

If this idea sounds acceptable, I could potentially work on it, but I
don't mind at all if someone else is interested in doing it.

Thanks,
Jeremy
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
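
The decision logic proposed in the message above, modelled as an added example (not part of the original post and not OpenSSH code). "ask-update" is the hypothetical mode from the post; the key blobs, host entries and function names are constructed, and known_hosts parsing is simplified to plain, unhashed, single-name entries.

```python
import base64
import fnmatch
import hashlib

# Constructed sample data: placeholder blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed-old-host-key").decode()
NEW_KEY = base64.b64encode(b"constructed-new-host-key").decode()
KNOWN_HOSTS = (f"192.168.0.10 ssh-ed25519 {OLD_KEY}\n"
               f"10.0.0.5 ssh-ed25519 {OLD_KEY}\n")
# Models the post's config block: the hypothetical mode only for 192.168.0.*
CONFIG = [("192.168.0.*", "ask-update"), ("*", "ask")]

def fingerprint(key_b64):
    """SHA256 fingerprint in the format ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def mode_for(host, config=CONFIG):
    """First matching Host pattern wins, as in ssh_config."""
    return next(mode for pattern, mode in config if fnmatch.fnmatch(host, pattern))

def lookup(known_hosts, host, keytype):
    """Stored key for host/keytype, or None (plain single-name entries only)."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == host and fields[1] == keytype:
            return fields[2]
    return None

def decide(known_hosts, host, keytype, offered_key):
    """Return (action, detail) for a host key offered during connection."""
    stored = lookup(known_hosts, host, keytype)
    if stored is None:
        return "prompt-add", fingerprint(offered_key)    # same as "ask"
    if stored == offered_key:
        return "accept", fingerprint(offered_key)
    detail = f"HOST KEY CHANGED: {fingerprint(stored)} -> {fingerprint(offered_key)}"
    if mode_for(host) == "ask-update":
        return "prompt-replace", detail                   # proposed behaviour
    return "refuse", detail                               # what "ask" does today

def replace_key(known_hosts, host, keytype, new_key):
    """Drop the stale entry and record the key the user confirmed."""
    kept = [l for l in known_hosts.splitlines() if l.split()[:2] != [host, keytype]]
    return "\n".join(kept + [f"{host} {keytype} {new_key}"]) + "\n"
```

The changed-key detail carries both the stored and the offered fingerprint, so the prompt can show the user exactly what is being replaced before they confirm.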


