OpenSSH Key Storage

Michael T. Babcock mbabcock at fibrespeed.net
Sat Feb 2 03:34:42 EST 2002


On Fri, Feb 01, 2002 at 10:08:36AM -0500, Nicolas Williams wrote:
> On Fri, Feb 01, 2002 at 09:43:35AM +0100, Markus Friedl wrote:
> > it has been suggested that the server tells the client:
> > 	lookup the hostkey under this 'name'.
> > does this really help? doesn't this mean the server
> > binds name to key? shouldn't the client do this instead?
> 
> SSH RSA/DSA keys are nameless. Whatever name the server tells the client
> it has seems to me should be suspect.
 
I agree wholly; the client should track each unique connection description
in its known hosts file(s).  Connecting differently to the same host (different
ports are the only way to change your connection in TCP/IP in this way) should
lead to different stored key lines.
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.     (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/
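As an added illustration of the per-connection bookkeeping argued for above (example code written for this page, not from the thread or from OpenSSH itself): a minimal known_hosts-style store keyed on the full (host, port) description, so the same host on a different port gets its own line and its own match/mismatch decision. The `[host]:port` label for non-default ports and all key strings are assumptions constructed for the example.

```python
# Added example (not from the thread): a tiny known_hosts-style store that
# keys trusted host keys on the full connection description (host, port),
# so the same host reached on a different port gets its own entry.
# Assumed entry format: "[host]:port keytype key" for non-default ports and
# "host keytype key" for port 22. Key strings below are constructed samples.

DEFAULT_PORT = 22

# Constructed sample file: one host, two ports, two different keys.
SAMPLE_KNOWN_HOSTS = """\
# comment lines and blank lines are ignored
example.org ssh-rsa AAAAB3NzaC1yc2E_sample_port22
[example.org]:2222 ssh-rsa AAAAB3NzaC1yc2E_sample_port2222
"""

def host_label(host, port):
    """Name under which the client stores a key: host, or [host]:port."""
    return host if port == DEFAULT_PORT else "[%s]:%d" % (host, port)

def parse_known_hosts(text):
    """Return {(label, keytype): key} from known_hosts-style text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, skip it
        label, keytype, key = fields[0], fields[1], fields[2]
        entries[(label, keytype)] = key
    return entries

def check_host_key(entries, host, port, keytype, presented_key):
    """Classify the key a server presents for this exact connection.
    Returns 'match', 'mismatch' (stored key differs: refuse and alert,
    it may be a MITM or an unannounced key change), or 'unknown'."""
    stored = entries.get((host_label(host, port), keytype))
    if stored is None:
        return "unknown"
    return "match" if stored == presented_key else "mismatch"

if __name__ == "__main__":
    db = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    # The port-22 key offered on port 2222 must not be accepted silently.
    print(check_host_key(db, "example.org", 2222, "ssh-rsa",
                         "AAAAB3NzaC1yc2E_sample_port22"))
```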
