Host verification problem

Hadmut Danisch hadmut at
Mon May 16 01:10:04 EST 2005

On Sun, May 15, 2005 at 10:30:27PM +1000, Darren Tucker wrote:
> Or use a HostKeyAlias in your ssh_config, eg, for hosts "server1" and 
> "server2" behind ports 2222 and 2223 of "gateway":

Which still requires to enter an entry in the ssh_config 

> See:

I had a glance on this and also on bug 393. 
It's an awful and silly discussion. 

HostKeyAlias is not a solution, it is just a workaround for 
an unfixed bug. For some reasons, which none of them does convince me, 
some people seem to insist on not fixing this bug. Strange. 

Reality shows that there are more people out there having more 
than one ssh daemon available at a single IP address. This might be
considered as odd, but that's how it is since the world started to use 
RFC1918 address ranges and IP connections with limited address space.

On the other hand, ssh was designed at a time before RFC1918 was 
issued. Insisting on the old  one host - one ip address - one ssh key
model is a bit like my grandfather who never accepted the way 
cars were designed after the 1950s. 

It's time for ssh to reach the NAT and Port-forwarding age. 

And by the way: A reverse lookup (unknown IP but host key found in the 
list) wouldn't be that bad for dynamically assigned IP addresses (e.g.
ppp, dhcp). 


More information about the openssh-unix-dev mailing list