[Bug 1213] ssh-keyscan exits in mid-way
bugzilla-daemon at bugzilla.mindrot.org
Sun Mar 6 06:04:20 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1213
--- Comment #27 from Paul Wouters <paul at cypherpunks.ca> 2011-03-06 06:04:20 EST ---
(In reply to comment #26)
> (In reply to comment #25)
> If anything, the most I would do is put together a Perl script to merge
> an old and new known_hosts file, such that new entries override old
> ones, and old ones that don't have a newer replacement are kept.
You really want to look at SSHFP DNS records protected by DNSSEC, and
setting VerifyHostKeyDNS ask in your /etc/ssh/ssh_config.
You can use the "sshfp" tool for that, which is exactly why I was
interested in this bug. sshfp can AXFR a zone, and use ssh-keyscan to
connect to all A records in the zone and print the SSHFP record to add
in your zones.
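An added example, not part of the original message and not the sshfp tool's own code: how ssh-keyscan-style output lines ("host keytype base64key") map to the SSHFP records the comment describes. The function name `sshfp_records`, the host names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FPTYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def sshfp_records(keyscan_output):
    """Convert 'host keytype base64key' lines into SSHFP zone-file records."""
    records = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "|")):
            continue  # banner/comment lines and hashed host names have no DNS owner
        host, keytype, b64 = fields[:3]
        if keytype not in ALGO:
            continue  # key type with no SSHFP algorithm number
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # truncated or corrupted key material
        # The blob starts with a length-prefixed algorithm name; it must match
        # the declared key type, otherwise the line is malformed.
        if len(blob) < 4:
            continue
        (name_len,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + name_len] != keytype.encode():
            continue
        owner = host.split(",")[0].rstrip(".") + "."
        for fptype, digest in FPTYPES.items():
            records.append(
                f"{owner} IN SSHFP {ALGO[keytype]} {fptype} {digest(blob).hexdigest()}")
    return records

# Constructed sample: an Ed25519-shaped blob built from placeholder key bytes.
NAME = b"ssh-ed25519"
GOOD_BLOB = (struct.pack(">I", len(NAME)) + NAME
             + struct.pack(">I", 32) + bytes(range(32)))
GOOD_B64 = base64.b64encode(GOOD_BLOB).decode()
SAMPLE = "\n".join([
    "# host.example.org:22 SSH-2.0-Example",      # constructed banner line
    f"host.example.org ssh-ed25519 {GOOD_B64}",   # well-formed entry
    f"bad.example.org ssh-rsa {GOOD_B64}",        # declared type != blob type
    f"|1|c2FsdA==|aGFzaA== ssh-ed25519 {GOOD_B64}",  # hashed host name
])

if __name__ == "__main__":
    print("\n".join(sshfp_records(SAMPLE)))
```

The records are only as trustworthy as the scan that produced the keys, so the keys should be checked against a known-good source before the records are published in a DNSSEC-signed zone.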