[Bug 1654] ~/.ssh/known_hosts.d/*

bugzilla-daemon at mindrot.org
Fri Jul 17 13:53:02 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Darren Tucker <dtucker at dtucker.net> ---
I've just committed TOKEN expansion support for UserKnownHostsFile and
the '%k' TOKEN for the HostKeyAlias.  This combination should be an
effective way to implement this in the config file should you want it.

(In reply to Josh Triplett from comment #2)
> Right.  For the initial pass, ssh would still always write new keys
> to .ssh/known_hosts, and only *read* from known_hosts.d; the user
> would manually split entries out into files in that directory.  Any
> change to automatically write out split files could come later.

Since UserKnownHostsFile takes multiple args but only writes to the
first, you can now implement those semantics with:

  UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts2 ~/.ssh/known_hosts.d/%k

If you move the %k one to the head of the list, you'll keep using the
existing files for existing entries, but new entries will be written to
 ~/.ssh/known_hosts.d/ instead.

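An added example, not part of the comment above or of OpenSSH itself: a Python helper for the manual split mentioned in comment #2, grouping existing known_hosts lines into per-host files named the way `~/.ssh/known_hosts.d/%k` would look them up. It assumes `%k` expands to the HostKeyAlias or, without one, the host name as typed on the command line; `split_known_hosts`, `write_split` and `SAMPLE` are hypothetical names, and the keys in the sample are constructed placeholders.

```python
import os
import re

# Constructed sample input; host names and key blobs are placeholders.
SAMPLE = """\
alpha.example.com,192.0.2.10 ssh-ed25519 AAAAconstructedKeyA
[beta.example.com]:2222 ssh-ed25519 AAAAconstructedKeyB
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAconstructedKeyC
@cert-authority *.example.com ssh-ed25519 AAAAconstructedKeyD
../evil ssh-ed25519 AAAAconstructedKeyE
"""

# A name is usable as a file name only without '/', wildcards or a leading '.'.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._:-]*")

def split_known_hosts(text):
    """Return (per_host, remaining): per_host maps a %k file name to its lines;
    remaining holds lines that have to stay in the main known_hosts file."""
    per_host, remaining = {}, []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank lines and comments carry no key
        # Markers (@cert-authority, @revoked) and hashed names (|1|...) cannot
        # be tied to one file name, so they are left in the main file.
        if fields[0].startswith(("@", "|")):
            remaining.append(line)
            continue
        names = []
        for pattern in fields[0].split(","):
            m = re.fullmatch(r"\[(.+)\]:\d+", pattern)  # [host]:port form
            names.append(m.group(1) if m else pattern)  # %k carries no port
        if all(SAFE_NAME.fullmatch(n) for n in names):
            for n in names:
                per_host.setdefault(n, []).append(line)  # line kept verbatim
        else:
            remaining.append(line)  # wildcard, negation or unsafe file name
    return per_host, remaining

def write_split(per_host, directory):
    """Append each host's lines to directory/<name>, the path %k expands to."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    for name, lines in per_host.items():
        with open(os.path.join(directory, name), "a") as fh:
            fh.write("\n".join(lines) + "\n")
```

Lines returned in `remaining` are only found if a file that holds them, such as `~/.ssh/known_hosts`, is still listed in UserKnownHostsFile.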