[Bug 454] SSH doesn't consider distinguish ports for host-key verification

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 11 15:34:56 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=454





------- Additional Comments From robbat2 at gentoo.org  2004-06-11 15:34 -------
will this ever be implemented, or is it waiting for somebody to send in code 
for it?

existing $HOME/.ssh/known_hosts file has the following format:
'host keytype keydata'
where host is either an IP or a name that resolves to the IP of the machine 
in question.
/etc/ssh/ssh_known_hosts has the following format [according to ssh(1)]:
'host[,host]* keydata [comment]*'

since we need to support IPv6 addresses, we cannot use a ':' as the 
address/port separator, and since a comma is used to separate multiple items in 
the latter case, that is out as well. I'd like to suggest a '@'.

My vision of how it should work:
old style entries as above should continue to work as they do presently (all 
connections to a host with only an old entry should be subject to the check), 
but ssh should add entries in the new format only.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
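
The lookup behaviour proposed in the comment above, sketched as an added example (not part of the original message and not OpenSSH code). The function names, the sample hosts and the placeholder key strings are constructed, and the rule that an entry for the exact port takes precedence over an old-style entry is an assumption the comment does not spell out.

```python
def split_host(item):
    """Split one host item into (host, port); port is None for an old-style item."""
    host, sep, port = item.rpartition("@")     # '@' stays unambiguous with IPv6 colons
    if not sep:
        return item, None                      # old style: no port recorded
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed host@port item: {item!r}")
    return host, int(port)

def parse_known_hosts(text):
    """Yield (host, port, keytype, keydata) for every host item on every line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                           # blank line, comment or short line
        for item in fields[0].split(","):      # comma still separates multiple hosts
            host, port = split_host(item)
            yield host, port, fields[1], fields[2]

def check_host_key(text, host, port, keytype, keydata):
    """Return 'ok', 'mismatch' or 'unknown' for the key a server presented."""
    entries = [e for e in parse_known_hosts(text) if e[0] == host and e[2] == keytype]
    exact = [e[3] for e in entries if e[1] == port]
    legacy = [e[3] for e in entries if e[1] is None]
    candidates = exact or legacy               # assumption: exact-port entry wins
    if not candidates:
        return "unknown"
    return "ok" if keydata in candidates else "mismatch"

def new_entry(host, port, keytype, keydata):
    """Format a line in the new style, the only style ssh would write."""
    return f"{host}@{port} {keytype} {keydata}"

# Constructed sample file; key data shortened to placeholders.
SAMPLE = """\
# constructed sample for the '@' proposal
build.example.org,192.0.2.10 ssh-rsa AAAAoldkey
build.example.org@2222 ssh-rsa AAAAjailkey
2001:db8::5@2222 ssh-rsa AAAAv6key
"""
```

With this rule a second sshd on port 2222 can hold its own key without triggering a mismatch, while a port that has no entry of its own is still checked against the old-style entry.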



