[Bug 1279] Address- and/or port-specific HostKeys support

bugzilla-daemon at mindrot.org
Wed Jan 31 15:01:34 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1279

------- Comment #3 from dtucker at zip.com.au  2007-01-31 15:01 -------
(In reply to comment #2)
> I know, it does not support it. I think, it should -- hence this
> enhancement request.

Sure, but I just wanted to mention that in case you need a solution now
that does not involve changing client hostkeys.

> Server-consolidation is a common task, but running multiple
> sshd-processes is merely a work-around. It is not elegant -- sshd can
> do better :-)

I had previously considered whether or not the Match directive could be
taught about the local address and port, which would give you syntax
something like:

Match LocalAddress 10.1.1.2 Port 22
    HostKey ...

but I'm not sure how hard it would be to implement.  It would need to
reprocess the config immediately after a connection is accepted and
before any processing is done.  This would conceivably control such
things as Compression, Protocol and maybe HostKey.

The catch is you would have to disallow Match directives that look at,
e.g., the username from trying to change HostKey, because it makes no
sense.

I really need to get the stuff I've already written merged before
looking at this, though...
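
The following is an added example, not OpenSSH code and not part of the comment above. It models the proposed `Match LocalAddress ... Port ...` syntax: settings are resolved from what is known right after a connection is accepted, and a `HostKey` inside a block that depends on the username is rejected, since the host key is used in key exchange before any username is sent. The override rule, the function names and the sample addresses and key paths are assumptions made for the illustration.

```python
# Added illustration of the Match syntax proposed in the comment; not sshd code.
CONNECTION_CRITERIA = {"localaddress", "port"}  # known as soon as accept() returns
ACCEPT_TIME_ONLY = {"hostkey"}                  # needed for key exchange, before userauth

def parse(text):
    """Return (global_settings, [(criteria, settings), ...])."""
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            if not args or len(args) % 2:
                raise ValueError("Match needs criterion/value pairs: " + raw)
            crit = {args[i].lower(): args[i + 1] for i in range(0, len(args), 2)}
            current = {}
            blocks.append((crit, current))
        else:
            target = glob if current is None else current
            target.setdefault(key, []).append(" ".join(args))
    return glob, blocks

def validate(blocks):
    """Reject HostKey in blocks whose criteria are unknown at accept time."""
    for crit, settings in blocks:
        late = set(crit) - CONNECTION_CRITERIA
        bad = ACCEPT_TIME_ONLY & set(settings)
        if late and bad:
            raise ValueError(f"{sorted(bad)} cannot depend on {sorted(late)}")

def resolve(text, local_addr, local_port):
    """Effective settings right after accept(), before key exchange."""
    glob, blocks = parse(text)
    validate(blocks)
    known = {"localaddress": local_addr, "port": str(local_port)}
    effective = {k: list(v) for k, v in glob.items()}
    for crit, settings in blocks:
        if set(crit) <= CONNECTION_CRITERIA and all(known[c] == v for c, v in crit.items()):
            effective.update(settings)  # assumed rule: a matching block overrides globals
    return effective

# Constructed sample configuration (addresses and key paths are made up).
SAMPLE = """
HostKey /etc/ssh/default_rsa_key
Match LocalAddress 10.1.1.2 Port 22
    HostKey /etc/ssh/hostA_rsa_key
Match LocalAddress 10.1.1.3 Port 22
    HostKey /etc/ssh/hostB_rsa_key
"""
```
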



