On Fri, Mar 15, 2019 at 2:13 AM Jochen Bern <Jochen.Bern@xxxxxxxxx> wrote:
>
> If the host keypair(s) are truly useless for identifying a *single*,
> short-lived target host, my suggestion would be to include "global"
> keypairs into the image (and have them still replaced once in a while).
> That would at least protect clients from a fake host set up by someone
> who doesn't have access to the image or the legit hosts. (Or from
> accidentally shredding a genuine "permanent" system that somehow
> obtained the DNS name / IP of a short-lived one.)
>
> If, however, reimaging is a standardized process that might allow the
> new host pubkey(s) to be collected and distributed in one fell swoop,
> there's the GlobalKnownHostsFile setting which is *supposed* to point to
> a file maintained by the *sysadmins* ...

These are development builds of software images that will eventually be
shipped to customers, so we'd strongly prefer not to hardcode any host
keys since that could accidentally end up getting shipped someday.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
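
The GlobalKnownHostsFile approach mentioned in the quoted message, sketched as an added example that is not part of the original thread: after a host is re-imaged, its stale keys are dropped from the sysadmin-maintained file and the newly collected public key is recorded. The function name `refresh_host_key`, the host names and the key blobs are assumptions made for illustration, and the new key is assumed to have been collected over a trusted channel during imaging.

```shell
#!/bin/sh
# Added example (not from the thread). Host names and key blobs are constructed.
# refresh_host_key FILE HOST "KEYTYPE BASE64 [comment]"
# Drops HOST's stale keys from FILE, then records the newly collected key.
refresh_host_key() {
    file=$1 host=$2
    keytype=$(printf '%s\n' "$3" | awk '{print $1}')
    blob=$(printf '%s\n' "$3" | awk '{print $2}')
    # Accept only public-key lines; this also rejects a private key by mistake.
    case $keytype in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key blob" >&2; return 1; }
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v host="$host" '
        # Comments, blank lines, @cert-authority/@revoked markers and hashed
        # (|1|...) entries are copied through unchanged.
        /^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /^[@|]/ { print; next }
        {
            n = split($1, names, ","); kept = ""
            for (i = 1; i <= n; i++)
                if (names[i] != host)
                    kept = kept (kept == "" ? "" : ",") names[i]
            if (kept == "") next      # entry named only the re-imaged host
            $1 = kept; print          # other names on the line keep their key
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$tmp"
    chmod 644 "$tmp"                  # ssh reads this file as each user
    mv "$tmp" "$file"                 # rename so readers never see a partial file
}

# Constructed demo: placeholder key blobs, not real keys.
demo=$(mktemp -d)
printf '%s\n' 'build1.example.test,10.0.0.5 ssh-ed25519 AAAAOLDKEY' \
              'perm.example.test ssh-ed25519 AAAAPERM' > "$demo/ssh_known_hosts"
refresh_host_key "$demo/ssh_known_hosts" 10.0.0.5 'ssh-ed25519 AAAANEWKEY root@build'
cat "$demo/ssh_known_hosts"
rm -rf "$demo"
```

Call it once per name or address the re-imaged host is reached by, and point `GlobalKnownHostsFile` in the clients' `ssh_config` at the resulting file.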