[Feature Request] Add (and check against) IP to known_hosts even when domain is used to connect

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello,

I spent the whole day searching around and the conclusion of my research by now is that what I want to accomplish is currently not possible without too much compromises.

A brief summary of my usecase (feature idea below):

What I would like the do is to have many (sub)domains pointing to the same server. This *may* be hundreds and they may change so it is not practical to add all of them to known_hosts. Also I don't want to use the wildcard feature since the dns is not necessarily trusted and the domain may be shared between multiple users all having subdomains there.

The reason why I want to do that is because I have many different services on different servers. Currently I have to remember or write down which service is running on which server. But I would prefer to just have a subdomain for every service to connect to the respective server.

The problem is that currently, even if the ip of the server is always the same, I have to say "yes" to the question which adds the host to known_hosts for *every* of the domains.

This could even lead to a security problem because if you have to do this that often then you'll get into the mode "ah, it asks me if the key is correct, probably I haven't used this domain before to connect".


So my feature idea would be the following:

Something like a configuration option saying "Always resolve DNS before host key checking". Probably the name already tells what it's about. So with this option enabled openSSH would, before adding the host to known_hosts and before checking a host against known_hosts resolve it to the ip and then check the ip instead of the domain. So if I'd do

ssh user@xxxxxxxxxxx

it'd not check if known_hosts contains example.com but instead resolve example.com to an ip adress (which it does anyway), say 95.95.95.95 and then check this IP against known_hosts (or add it if it's is not in the file and the user says yes)

So what do you think? Could this feature help more people than just me? Does it maybe introduce some security problems which I did not see yet?

One person which I told about the idea said "but the IP could be spoofed". But as far as my understanding goes A) the same problem is currently present the other way around if the dns gets spoofed and B) the identity of the server should still be verified by it's private key.

Just in case this feature does exist against all my research: I'm sorry. I really spent hours to prepare before disturbing you

Thank you in advance for your time and thank you for your great work!

Kind regards

Joshua

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux