Different HostKeys for different hostnames or IPs in the same sshd?..
Peter Stuge
peter at stuge.se
Wed Sep 21 10:21:16 EST 2011
Mikhail T. wrote:
> How do we configure things so that the users and the automated
> scripts aren't "freaked-out" by the key of "service.example.net"
> suddenly changing, when the DNS is changed?

Counter-question: How do you want to still have protection against
malicious DNS data, or simply TCP MITM attacks?

> Other than both machines using the same hostkey, of course...

Why not do this?

> does the ssh-protocol have anything like HTTP's Host:-header?

Thankfully no.

> If not, can sshd offer a different key depending on the IP-address,
> that the incoming connection uses?

In theory sure, in practice OpenSSH can't. You could always patch it.

//Peter