[PATCH] verify against known fingerprints
Hubert Kario
hkario at redhat.com
Wed Feb 19 00:19:51 EST 2014
----- Original Message -----
> From: "Phil Pennock" <phil.pennock at globnix.org>
> To: openssh-unix-dev at mindrot.org
> Sent: Tuesday, 18 February, 2014 9:33:59 AM
> Subject: [PATCH] verify against known fingerprints
>
> I've just written this patch; it's undergone minimal testing and "works
> for me" and I'm after feedback as to acceptability of approach, anything
> I should be doing differently for the feature to be acceptable upstream
> and what I should be doing about automated testing.
>
> Use-case: you have the host's SSH fingerprints via an out-of-band
> mechanism which you trust and want to be able to connect and have
> verification use those known-good fingerprints and, if they match,
> update known_hosts.
Since you already have an out-of-band communication, why not provide
a pre-populated ~/.ssh/known_hosts file through it?
--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
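
The use case in the quoted message, as an added example that is not part of the original thread and is not the patch under discussion: a key offered by a host is accepted into known_hosts only if its fingerprint matches one obtained out of band. The function names and the constructed key are assumptions made for illustration; the input is assumed to be in `host keytype base64` form, as printed by ssh-keyscan.

```python
import base64, hashlib, struct

def parse_key_line(line):
    """Split a 'host keytype base64blob' line and sanity-check the blob."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("declared key type does not match key blob")
    return host, keytype, b64, blob

def fingerprints(blob):
    """Both common fingerprint forms of a public key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "SHA256:" + sha}

def verify_offered_key(line, trusted):
    """Return a known_hosts line if the key matches a trusted fingerprint, else None."""
    host, keytype, b64, blob = parse_key_line(line)
    offered = fingerprints(blob)
    for fp in trusted:
        fp = fp.strip()
        # Bare colon-separated hex is the older MD5 display form.
        if ":" in fp and not fp.startswith(("MD5:", "SHA256:")):
            fp = "MD5:" + fp.lower()
        if fp in offered:
            return f"{host} {keytype} {b64}"
    return None

def _constructed_key_line(host, seed):
    # Constructed sample: well-formed ssh-ed25519 blob with filler bytes, not a real key.
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    good = _constructed_key_line("host.example", 1)
    # Stand-in for the fingerprint list received over the trusted channel.
    trusted = fingerprints(parse_key_line(good)[3])
    print("matching key  ->", verify_offered_key(good, trusted))
    print("different key ->", verify_offered_key(_constructed_key_line("host.example", 2), trusted))
```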