Require Multiple keys per host

bob-openssh at technogeeks.com
Wed Jan 9 12:41:57 EST 2002


As of version 3.0.2p1, and perhaps earlier, localhost forwarded connections
are checked in known_hosts.  The difficulty is that if you have multiple
forwards, only one of them will exist as a valid host key for localhost.
All the others will be treated as a "Changed" key, prompting reduced
functionality including disallowing agent-forwarding.  Depending on
StrictHostKeyChecking being set, the connections might not be allowed at
all.

I suggest that the known host file have a host:port type scheme so a
machine running multiple sshd's will respond correctly as well as multiple
localforwards.

I note that this problem probably did not present itself since
KnownHostKey checking did not seem to be active for localhost in older
versions of OpenSSH.

Bob
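
The collision described in the message above, and the effect of the proposed host:port scheme, modelled as an added example that is not part of the original post or of OpenSSH's code. The function names are hypothetical, the key strings are constructed placeholders, only plain "names keytype blob" lines are handled, and the port-qualified name is written in the `[host]:port` form that later OpenSSH releases use for non-default ports.

```python
# Model of the known_hosts lookup discussed in the post (added example).
# All key strings below are constructed placeholders, not real host keys.

def lookup_name(host, port, per_port):
    """Name a key is stored under: host only, or "[host]:port" when
    per_port is set and the port is not the default 22."""
    if per_port and port != 22:
        return f"[{host}]:{port}"
    return host


def check(known_hosts_text, host, port, offered_key, per_port):
    """Return 'ok', 'changed' or 'new' for an offered "type base64" key."""
    name = lookup_name(host, port, per_port)
    seen_other = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, keytype, blob = line.split()[:3]
        if name not in names.split(","):
            continue
        if f"{keytype} {blob}" == offered_key:
            return "ok"
        if keytype == offered_key.split()[0]:
            seen_other = True  # same name and key type, different key
    return "changed" if seen_other else "new"


def connect(known_hosts_text, host, port, offered_key, per_port):
    """Check a key and record it on first use; return (status, file text)."""
    status = check(known_hosts_text, host, port, offered_key, per_port)
    if status == "new":
        name = lookup_name(host, port, per_port)
        known_hosts_text += f"{name} {offered_key}\n"
    return status, known_hosts_text


def demo(per_port):
    """Two local forwards on localhost that reach two different servers."""
    forwards = [(2201, "ssh-rsa AAAAconstructedA"),
                (2202, "ssh-rsa AAAAconstructedB")]
    text, results = "", []
    for port, key in forwards * 2:  # use each forward twice
        status, text = connect(text, "localhost", port, key, per_port)
        results.append(status)
    return results
```

With host-only names the second forward is reported as changed on every connection; with port-qualified names each forward gets its own entry and verifies cleanly on reuse.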



