Hello,
I spent the whole day searching around and the conclusion of my research
by now is that what I want to accomplish is currently not possible
without too much compromises.
A brief summary of my usecase (feature idea below):
What I would like the do is to have many (sub)domains pointing to the
same server. This *may* be hundreds and they may change so it is not
practical to add all of them to known_hosts. Also I don't want to use
the wildcard feature since the dns is not necessarily trusted and the
domain may be shared between multiple users all having subdomains there.
The reason why I want to do that is because I have many different
services on different servers. Currently I have to remember or write
down which service is running on which server. But I would prefer to
just have a subdomain for every service to connect to the respective server.
The problem is that currently, even if the ip of the server is always
the same, I have to say "yes" to the question which adds the host to
known_hosts for *every* of the domains.
This could even lead to a security problem because if you have to do
this that often then you'll get into the mode "ah, it asks me if the key
is correct, probably I haven't used this domain before to connect".
So my feature idea would be the following:
Something like a configuration option saying "Always resolve DNS before
host key checking". Probably the name already tells what it's about. So
with this option enabled openSSH would, before adding the host to
known_hosts and before checking a host against known_hosts resolve it to
the ip and then check the ip instead of the domain. So if I'd do
ssh user@xxxxxxxxxxx
it'd not check if known_hosts contains example.com but instead resolve
example.com to an ip adress (which it does anyway), say 95.95.95.95 and
then check this IP against known_hosts (or add it if it's is not in the
file and the user says yes)
So what do you think? Could this feature help more people than just me?
Does it maybe introduce some security problems which I did not see yet?
One person which I told about the idea said "but the IP could be
spoofed". But as far as my understanding goes A) the same problem is
currently present the other way around if the dns gets spoofed and B)
the identity of the server should still be verified by it's private key.
Just in case this feature does exist against all my research: I'm sorry.
I really spent hours to prepare before disturbing you
Thank you in advance for your time and thank you for your great work!
Kind regards
Joshua
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev