[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
bugzilla-daemon at mindrot.org
Wed Sep 11 07:13:13 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=393
------- Additional Comments From eric at addamark.com 2002-09-11 07:13 -------
Let me be specific then:
I have two ssh servers mapped through different port numbers on the same public
IP address to the outside world: one is on port 22, the other is on port 1022.
The configuration breaks the ssh client when UseStrictHostChecking is active
because the logic assumes that it can never see more than one host key from a
given IP address. The CheckHostIP setting gives spurious warnings because it
assumes that it can never see more than one host key from a specific IP address.
Currently, my only workaround is to disable both settings on everyone's
client. This is neither practical nor desirable as it not only requires that
everyone make a change to their local configs, but in addition, everyone has
to run without the extra security that these settings provide.
I'm assuming that the first feedback was from one of the developers in the
OpenSSH team. Please reconsider your stance on this issue (or at least reopen
the bug so that it doesn't drop through the cracks).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
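
The failure mode reported above, as an added example that is not part of the original bug comment and is not OpenSSH code: a small model of host-key lookup indexed by address alone versus by address and port. The function names, the address 203.0.113.10 and the key strings are constructed for illustration; the bracketed `[host]:port` entry form is the notation later OpenSSH releases accept in known_hosts for non-default ports.

```python
"""Model of host-key lookup: index by address alone vs. by address and port."""

DEFAULT_PORT = 22

# Constructed sample data: documentation address and placeholder key strings.
SERVERS = {
    ("203.0.113.10", 22): "ssh-ed25519 AAAA-constructed-key-A",
    ("203.0.113.10", 1022): "ssh-ed25519 AAAA-constructed-key-B",
}


def index_by_host(host, port):
    """Index the bug report describes: the port is ignored."""
    return host


def index_by_host_port(host, port):
    """Port-aware index: plain host for port 22, [host]:port otherwise."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"


def check_host_key(known, index, host, port, offered_key):
    """Return 'new', 'ok' or 'mismatch'; a first-seen key is recorded."""
    entry = index(host, port)
    if entry not in known:
        known[entry] = offered_key
        return "new"
    # A strict client refuses the connection on 'mismatch'.
    return "ok" if known[entry] == offered_key else "mismatch"


def connect_all(index, servers=SERVERS, rounds=2, known=None):
    """Connect to every server `rounds` times; return (store, results)."""
    known = {} if known is None else known
    results = []
    for _ in range(rounds):
        for (host, port), key in sorted(servers.items()):
            status = check_host_key(known, index, host, port, key)
            results.append((port, status))
    return known, results


if __name__ == "__main__":
    for index in (index_by_host, index_by_host_port):
        store, results = connect_all(index)
        print(index.__name__, results, sorted(store))
```

With the port-aware index, a changed key on either port is still reported as a mismatch, so the check keeps its value while the false alarm for the second server goes away.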