[Bug 3377] New: improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + mulitple specifications)

Wed Jan 5 03:39:35 AEDT 2022

https://bugzilla.mindrot.org/show_bug.cgi?id=3377

            Bug ID: 3377
           Summary: improve GlobalKnownHostsFile and UserKnownHostsFile
                    (wildcards + mulitple specifications)
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.org

Hey.

The following features would be quite nice IMO:

1) Allowing to specify directories or better wildcards for
GlobalKnownHostsFile and UserKnownHostsFile.
The idea would be especially to have something like:
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts,
/etc/ssh/ssh_known_hosts2, /etc/ssh/ssh_known_hosts.d/*.known_hosts as
default.
Distros could then ship that directories and package could place their
known hosts into that.
E.g. one could have then have distro supplied packages with the public
keys of well known services like GitHub/GitLab/etc.

That would be some good alternative for peoples who don't like/trust
the mechanisms of distributing the keys via DNS or that like.

2) Less important, but possibly still nice would be if one could
specify 
GlobalKnownHostsFile and UserKnownHostsFile multiple times and the
effect being cumulative.
Perhaps one could also make a special syntax that allows
adding/removing from the list like:
GlobalKnownHostsFile = foo
or
GlobalKnownHostsFile foo
=> resets the list the list to just foo

GlobalKnownHostsFile + bar
=> adds bar

GlobalKnownHostsFile - baz
=> removes baz

Thanks,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.