About multiple hosts with same hostname
Christian Iversen
chrivers at iversen-net.dk
Wed Apr 1 05:01:45 EST 2009
Luciano Bello wrote:
> On Tue 31 Mar 2009, Christian Iversen wrote:
>> Isn't there some way to make OpenSSH save
>> the host key using the FQDN instead of just the local part? That would
>> solve this problem.
>
> Permitting that is permitting MitM when there is a DNS spoofing situation.
You are entirely right. I realized that moments after I had sent the
message :-)
Of course, the domain parameter cannot be determined with any certainty.
However, maybe there is a way to accept multiple keys for the same
hostname? I understand that using FQDNs is a way to go, but they can be
pretty long to input (custom zsh tab completion could be a way to go here).
I mean, having (say) 5 different host keys for "fw0" shouldn't really be
a problem, since whichever one is presented can be verified. It's still
impossible for an attacker to replace fw0 with another machine without
knowing the private keys, and you're still not going to hit another
machine by accident.
Am I really the only person with this problem? :-)
--
Kind regards
Christian Iversen
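As an added illustration (not code from the thread or from OpenSSH itself), here is the "trust any of several recorded keys" rule the message argues for, written as a minimal known_hosts lookup; the entries and base64 key blobs are constructed placeholders, and the three outcomes are the decisions a client has to make (OK, CHANGED for the same-type-but-different warning case, NEW for an unknown host).

```python
import base64
import binascii
from collections import defaultdict

# Constructed sample file: the short alias "fw0" owns three different RSA
# keys (three firewalls reachable under one name). Blobs are not real keys.
KNOWN_HOSTS = """\
fw0,fw0.site-a.example ssh-rsa S0VZLUE= firewall A
fw0,fw0.site-b.example ssh-rsa S0VZLUI= firewall B
fw0 ssh-rsa S0VZLUM=
mail ssh-rsa S0VZLU0=
"""


def parse_known_hosts(text):
    """Map each hostname/alias to every (keytype, keybytes) recorded for it.
    One hostname may legitimately own several keys."""
    keys = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: skip rather than trust it
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        try:
            keybytes = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # undecodable blob: skip the entry
        for host in hosts.split(","):
            keys[host].append((keytype, keybytes))
    return keys


def check_host_key(keys, host, keytype, keybytes):
    """OK if the presented key equals any key recorded for the host,
    CHANGED if keys of that type are recorded but none match (the
    man-in-the-middle warning case), NEW if nothing is recorded."""
    same_type = [k for t, k in keys.get(host, []) if t == keytype]
    if keybytes in same_type:
        return "OK"
    return "CHANGED" if same_type else "NEW"
```

An attacker who does not hold one of the recorded private keys still lands in the CHANGED case, which is the property the message relies on.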