Feature Request: Plugin Model for authorizing public keys
Simon Wilkinson
sxw at inf.ed.ac.uk
Wed Feb 9 22:04:38 EST 2011

On 9 Feb 2011, at 10:38, Peter Stuge wrote:
> At FOSDEM we had a short discussion about a similar simple way of
> also extending host key lookups, in lieu of the more intrusive GSSAPI
> kex patch which seems to take a different approach.

The GSSAPI kex patch (an implementation of RFC4462) is designed to
remove the need for host keys entirely, rather than just making it
easier to verify that the key you've been given is valid. On large
sites - and some of the sites with GSSAPI key exchange deployed have
tens of thousands of machines - removing the need for ssh host key
management is a significant saving.

Cheers,
Simon.