How do I find the client key?

Peter Stuge stuge at cdy.org
Mon Jun 3 09:11:45 EST 2002


On Sun, Jun 02, 2002 at 05:39:47PM -0400, Michael H. Warfield wrote:
> 	On server "S" I can find the client IP (IPv6) address in the
> SSH_CLIENT environment variable.  I also need the client public key.
> On the client side, the public key ends up added to .ssh/known_hosts
> but what happens on the server side?  I need to retrieve this key
> to validate the entry of a host name against a table of hosts which
> have previously contacted me (on possibly other IP addresses) so I
> can reject requests for names from keys which have changed.  I'm
> trying to deal with some dynamic address problems.

Try to set it up so that you already have the public key and use that for
authorization?  That way you won't have to worry about addresses.

Keys identify hosts, not IP(v*) addresses.  And public keys are just that,
public.  Even if it feels a bit awkward, you're really supposed to
distribute your public key as much as possible.

If you can't distribute keys in advance I guess you're out of luck, but then
the system won't be quite as secure either..

Just some .02..


//Peter
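Added example, not part of the original message or of OpenSSH: a minimal sketch of the table the question describes, where a host name is bound to the fingerprint of a public key distributed in advance and the client address plays no part in the decision. `HostTable`, `fingerprint` and `constructed_key` are hypothetical names, the sample keys are constructed, and the example assumes the presented key line is already in hand and uses the SHA256 fingerprint format of current OpenSSH releases.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of a 'type base64 [comment]' key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must match.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii", "replace"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class HostTable:
    """Host name -> fingerprint of the public key distributed in advance."""
    def __init__(self):
        self._by_name = {}

    def enroll(self, name, pubkey_line):
        self._by_name[name] = fingerprint(pubkey_line)

    def check(self, claimed_name, presented_line, client_ip=None):
        """client_ip is informational only; the decision rests on the key."""
        known = self._by_name.get(claimed_name)
        if known is None:
            return "reject-unknown"
        try:
            presented = fingerprint(presented_line)
        except ValueError:
            return "reject-malformed"
        if hmac.compare_digest(known, presented):
            return "accept"
        return "reject-key-changed"

def constructed_key(seed):
    """Constructed sample: 32 hash bytes stand in for a real ed25519 public key."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    table = HostTable()
    table.enroll("alpha", constructed_key(b"alpha-key"))
    print(table.check("alpha", constructed_key(b"other-key"), "2001:db8::1"))
```
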



More information about the openssh-unix-dev mailing list