Host verification problem

Darren Tucker dtucker at
Mon May 16 22:25:54 EST 2005

Hadmut Danisch wrote:
> On Sun, May 15, 2005 at 10:30:27PM +1000, Darren Tucker wrote:
>>Or use a HostKeyAlias in your ssh_config, eg, for hosts "server1" and 
>>"server2" behind ports 2222 and 2223 of "gateway":
> Which still requires to enter an entry in the ssh_config 
> file.

Well, no, you could use "ssh -o HostKeyAlias=foo server".  If you meant 
that you have to provide an additional parameter somehow, then that's true.

What I was replying to, however, was the statement: "This means to edit 
the host key file every time or to ommit host key validation" which is 
not correct.

[and in a later message]
> Security by ignorance.

Out of curiosity, how would you describe a situation where someone 
disables authenticity checks rather than use an existing mechanism 
whereby they can be maintainted?

[and later message still]
 > And you should read what I write before critizing it.

When you read the bug I first referred you to (#910) and got to the part 
where I attached an updated patch[1] the day before you sent your first 
message, how did the testing of that patch go?

[1] based on an earlier one by Devin Nate

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list