Known hosts and dynamic IP addresses

Dan Kaminsky dan at doxpara.com
Mon Jul 7 02:08:49 EST 2003


>Therefore, an option should be invented which allows to 
>store the host key under the DNS name only.
>  
>
Why are we storing IP addresses in known_hosts files anyway?  It doesn't 
appear to be universal -- SSH2 only, perhaps? -- and as Hadmut points 
out, it's plainly wrong (IP != Identity, thus HostKeyAlias and the whole 
existence of cryptographic authentication).

--Dan





More information about the openssh-unix-dev mailing list