[Bug 2673] Multiple ssh keys for a given server

bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 31 10:55:28 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2673

--- Comment #4 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to George Shuklin from comment #3)
[...]
> Yes, there is a risk, but it's less than 'use -R every time'. Adding
> additional keys is not default configuration, so unexpected users
> wouldn't be affected.

Some users will do insecure things but that doesn't mean we should
weaken the host key checking for those who don't.

> Is any reason why to have two different keys with different algo is
> OK, but to have two different keys with same algo is not OK?

It's an artefact of the way the host key matching works, not a
deliberate feature.

In recent versions of OpenSSH the server will inform the client of all
of its host keys (via the "hostkeys-00@openssh.com" extension) and if
the client wants to (via UpdateHostKeys) it will update the known_hosts
file.

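The comment above says that two keys of different algorithms for one host are fine but two keys of the same algorithm are not a supported configuration. As an added example (not OpenSSH code and not part of the bug report), the following audits a known_hosts file for exactly that situation, resolving hashed hostnames with the stored salt. The file contents and the salt are constructed; wildcard and "!" patterns are not handled.

```python
import base64
import hashlib
import hmac

def hashed_hostname(hostname, salt):
    # Same encoding ssh-keygen -H writes: |1|b64(salt)|b64(HMAC-SHA1(salt, hostname))
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def host_pattern_matches(pattern, hostname):
    # Hashed entries are recomputed with the stored salt; plain entries are compared exactly.
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|", 3)[2])
        return hmac.compare_digest(hashed_hostname(hostname, salt), pattern)
    return pattern == hostname

def parse_known_hosts(text):
    # Returns [(marker, [host patterns], key type, base64 key)] for each key line.
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields[0] if fields[0].startswith("@") else ""   # @cert-authority / @revoked
        fields = fields[1:] if marker else fields
        if len(fields) >= 3:                                       # skip malformed lines
            entries.append((marker, fields[0].split(","), fields[1], fields[2]))
    return entries

def keys_for_host(entries, hostname):
    # Map key type -> distinct host keys recorded for hostname (CA/revoked lines excluded).
    by_type = {}
    for marker, patterns, ktype, blob in entries:
        if not marker and any(host_pattern_matches(p, hostname) for p in patterns):
            if blob not in by_type.setdefault(ktype, []):
                by_type[ktype].append(blob)
    return by_type

def same_algorithm_duplicates(entries, hostname):
    # Key types with more than one recorded key: the unsupported configuration from the bug.
    return {t: ks for t, ks in keys_for_host(entries, hostname).items() if len(ks) > 1}

SALT = b"\x01" * 20   # constructed salt; real hashed entries use 20 random bytes
SAMPLE_KNOWN_HOSTS = f"""\
gw.example.net,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY1
gw.example.net ssh-rsa AAAAB3NzaC1yc2EAAAAFAKEKEY2
lb.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY3
{hashed_hostname('lb.example.net', SALT)} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY4
@revoked lb.example.net ssh-rsa AAAAB3NzaC1yc2EAAAAFAKEKEY5
"""
```

Running `same_algorithm_duplicates` over a real `~/.ssh/known_hosts` lists, per host, the key types that carry more than one key; `gw.example.net` in the sample is clean while `lb.example.net` reports two ssh-ed25519 keys, one of them found only through the hashed entry.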