[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
Carson Gaspar
carson at taltos.org
Wed Sep 11 09:10:56 EST 2002
--On Wednesday, September 11, 2002 8:04 AM +1000
bugzilla-daemon at mindrot.org wrote:
> it's not about saving diskspace, why should ssh ask you to
> confirm the hostkey for every new ip:port pair?
Why are you running multiple instances of sshd on different ports with the
same key? That is a rather uncommon configuration. Port forwarding, or
multiple instances with differing keys, is a far more common case, in my
experience. Your argument is that the more common case should be hard, and
the less common case easy. I don't get it.
> and: the entry matters for hostbased authentication: you have
> 10 entries for the same ip, what key is the correct key?
The one with the correct _name_. I thought we'd solved this ages ago - the
source IP is _meaningless_ for host based auth, especially with NAT being
so common. The name that is presented is all that matters. This used to
work - did it get broken recently?
--
Carson