[Bug 2602] (Feature request) Verify host using key in destination user account
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 19 14:37:46 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2602
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This isn't possible without breaking the guarantees that host key
checking is supposed to provide.
For the behaviour that you want, ssh would have to ignore a host key
verification failure at connection time, proceed with authentication
and fetch (presumably using sftp) the host key from the target system.
This is a substantial amount of work but, worse, it would require ssh
to complete authentication to a system that it does not trust.
Completing authentication means sending user credentials to the remote
server. This would allow phishing or connection spoofing by hostile
servers.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list