Host verification problem
Darren Tucker
dtucker at zip.com.au
Mon May 16 22:25:54 EST 2005
Hadmut Danisch wrote:
> On Sun, May 15, 2005 at 10:30:27PM +1000, Darren Tucker wrote:
>>Or use a HostKeyAlias in your ssh_config, eg, for hosts "server1" and
>>"server2" behind ports 2222 and 2223 of "gateway":
>
> Which still requires to enter an entry in the ssh_config
> file.
Well, no, you could use "ssh -o HostKeyAlias=foo server". If you meant
that you have to provide an additional parameter somehow, then that's true.
What I was replying to, however, was the statement: "This means to edit
the host key file every time or to ommit host key validation" which is
not correct.
[and in a later message]
> Security by ignorance.
Out of curiosity, how would you describe a situation where someone
disables authenticity checks rather than use an existing mechanism
whereby they can be maintainted?
[and later message still]
> And you should read what I write before critizing it.
When you read the bug I first referred you to (#910) and got to the part
where I attached an updated patch[1] the day before you sent your first
message, how did the testing of that patch go?
[1] based on an earlier one by Devin Nate
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list