OpenSSH Key Storage
Markus Friedl
markus at openbsd.org
Fri Feb 1 19:43:35 EST 2002
if i connect to
	folly.openssh.com
then i want the host key verified against the entry for
	folly.openssh.com

if i connect to
	folly.openssh.com
via a forwarded connection on
	somehost.example.bla, port 2222
then i want the host key verified against the entry for
	folly.openssh.com
and not against
	somehost.example.bla, port 2222
because in both cases i really connect to
	folly.openssh.com

storing the same key with different 'names' does not
make sense to me.

with "HostKeyAlias folly.openssh.com" i say:
while the tcp connect is to "somehost.example.bla, port 2222"
make sure that i really connect to folly.openssh.com

moreover, with the current implementation
	known_hosts
is also used for hostbased authentication.
if the client's hostkey is looked up in
	known_hosts
what does 'port' mean?

if "somehost.example.bla, port 2222" is stored
in known_hosts, then folly.openssh.com can
hide as somehost.example.bla.

it has been suggested that the server tells the client:
lookup the hostkey under this 'name'.
does this really help? doesn't this mean the server
binds name to key? shouldn't the client do this instead?
-m
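The lookup rule Markus describes, as an added illustration that is not part of the original post and not OpenSSH's own code: a small simulation of how a client chooses which known_hosts entry to compare a received host key against, with and without a HostKeyAlias. The known_hosts contents and the key strings are constructed placeholders; the `[host]:port` naming for non-default ports is OpenSSH's real convention, but the helper names (`known_hosts_name`, `parse_known_hosts`, `verify_host_key`) are this example's own.

```python
"""Simulation (not OpenSSH code) of the known_hosts lookup discussed above.

Equivalent client-side configuration (ssh_config) for the forwarded case:

    Host folly-tunnel
        HostName     somehost.example.bla
        Port         2222
        HostKeyAlias folly.openssh.com
"""
from typing import Dict, Optional, Tuple

# Constructed known_hosts content; the key material is a placeholder, not a real key.
KNOWN_HOSTS = """\
# one entry for the real host, one for the forwarding host
folly.openssh.com ssh-ed25519 AAAA-FOLLY-KEY-PLACEHOLDER
[somehost.example.bla]:2222 ssh-ed25519 AAAA-SOMEHOST-KEY-PLACEHOLDER
"""

HostKey = Tuple[str, str]  # (key type, base64 key)


def known_hosts_name(host: str, port: int) -> str:
    """Name under which OpenSSH stores an entry: the bare host on port 22,
    [host]:port for any other port."""
    return host if port == 22 else f"[{host}]:{port}"


def parse_known_hosts(text: str) -> Dict[str, HostKey]:
    """Map each name in a known_hosts file to its (keytype, key).

    Blank and comment lines are skipped.  Hashed names, wildcards and
    @cert-authority markers are outside the scope of this simulation.
    """
    entries: Dict[str, HostKey] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, keytype, key = line.split()[:3]
        for name in names.split(","):
            entries[name] = (keytype, key)
    return entries


def verify_host_key(
    known_hosts: Dict[str, HostKey],
    host: str,
    port: int,
    received: HostKey,
    alias: Optional[str] = None,
) -> str:
    """Return 'ok', 'mismatch' or 'unknown'.

    The lookup name is the HostKeyAlias when one is configured; otherwise it
    is derived from the TCP endpoint.  This is the point of the post: with
    the alias, a connection tunnelled through somehost.example.bla:2222 is
    still checked against folly.openssh.com's entry.
    """
    name = alias if alias else known_hosts_name(host, port)
    stored = known_hosts.get(name)
    if stored is None:
        return "unknown"
    return "ok" if stored == received else "mismatch"


if __name__ == "__main__":
    kh = parse_known_hosts(KNOWN_HOSTS)
    folly_key: HostKey = ("ssh-ed25519", "AAAA-FOLLY-KEY-PLACEHOLDER")
    # Direct connection: compared against folly.openssh.com.
    print("direct:", verify_host_key(kh, "folly.openssh.com", 22, folly_key))
    # Forwarded connection without alias: compared against the tunnel endpoint.
    print("tunnel, no alias:",
          verify_host_key(kh, "somehost.example.bla", 2222, folly_key))
    # Forwarded connection with HostKeyAlias: compared against folly again.
    print("tunnel, alias:",
          verify_host_key(kh, "somehost.example.bla", 2222, folly_key,
                          alias="folly.openssh.com"))
```

Without the alias, the key folly presents over the tunnel is compared with whatever is stored for `[somehost.example.bla]:2222`, so it either mismatches or, if that entry happens to hold folly's key, binds folly's identity to the wrong name; the alias keeps the name-to-key binding on the client side, under the host the user actually means to reach.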