known_hosts vulnerability?

Damien Miller djm at
Thu May 19 07:49:41 EST 2005

Carson Gaspar wrote:

> The real solution is to stop using known_hosts files. There are some 
> patches floating around that do this for X.509 certs, and it's possible 
> with GSSAPI already (I think...). It would be really nice to get LDAP or 
> DNSSEC support, but I don't think there are current patches for either.

DNSSEC support has been in OpenSSH for around two years.


More information about the openssh-unix-dev mailing list