On 18/8/23 18:28, Darren Tucker wrote:
>> Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
>> change logs seem to indicate this feature has been around since at least
>> 2017, so should not cause compatibility issues with the other users.
>
> The OpenSSH Release Notes page is a good way to check on this kind of
> thing, it has all release notes in reverse chronological order:
> https://www.openssh.com/releasenotes.html
>
> In this case it shows that HostKeyAlias was added in version 2.5.1 in
> 2001. If you're using a version older than that, the lack of
> HostKeyAliases would be the least of your problems.

Agreed… 2001-era OpenSSH is positively ancient. I have to contend with
hosts that don't support ED25519 (yeah, I had to be "trendy" when I last
set up the YubiKey didn't I?) and some that use ssh-rsa public keys, but
nothing quite that ancient thankfully.

By far using `HostKeyAlias` is the closest to achieving what I'm after.
Downside being the client will "forget" the host keys (because it
doesn't know what IP corresponds to what alias) and have to be told to
accept them again. From that point though, there should be no clashes.

One can set `StrictHostKeyChecking accept-new` for that -- which whilst
far from ideal, in practice it's no worse than blindly typing 'yes' at
each prompt.

I think I'll gather up what host keys I can and dump those in a
reference 'known_hosts' file that people can concatenate to their own
`~/.ssh/known_hosts`, which will solve that other issue. Best I can do
until such time as we can make the hosts key file 'portable' (in terms
of absolute paths).

Regards,
--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
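
Added example, not part of the original message: the reference `known_hosts` idea above, done as a merge instead of a plain concatenation so that repeated runs add nothing and a key that differs from the one already trusted is reported, not appended. The function name `merge_known_hosts`, the matching on (name, key type) and the conflict policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: merge a team reference known_hosts file into a personal one.
# Entries are matched on (host name or HostKeyAlias, key type).
# Limitations: hashed ("|1|...") names in the destination cannot be compared
# as text, and "@cert-authority" / "@revoked" marker lines are passed over.
# Usage: merge_known_hosts reference_known_hosts ~/.ssh/known_hosts
merge_known_hosts() {
    ref=$1 dest=$2 rc=0
    [ -f "$dest" ] || : > "$dest"
    new=$(awk '
        NF == 0 || $1 ~ /^[#@]/ { next }   # blank lines, comments, markers
        FILENAME == ARGV[1] {              # destination: record trusted keys
            n = split($1, h, ",")
            for (i = 1; i <= n; i++) have[h[i] SUBSEP $2] = $3
            next
        }
        {                                  # reference: compare each name
            n = split($1, h, ","); add = 0
            for (i = 1; i <= n; i++) {
                k = h[i] SUBSEP $2
                if (!(k in have)) add = 1
                else if (have[k] != $3) {  # same name and type, other key
                    print "CONFLICT " h[i] " " $2 > "/dev/stderr"
                    bad = 1; add = 0; break
                }
            }
            if (add) {
                print
                for (i = 1; i <= n; i++) have[h[i] SUBSEP $2] = $3
            }
        }
        END { exit bad }
    ' "$dest" "$ref") || rc=$?
    # Append only the entries that were new and did not conflict.
    [ -n "$new" ] && printf '%s\n' "$new" >> "$dest"
    return "$rc"
}
```

With `HostKeyAlias` in use, the first field of each reference entry is the alias, not a hostname or IP address. A non-zero return means at least one entry conflicted and was left for manual review.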