HashKnownHosts vs @cert-authority

Harald Dunkel harald.dunkel at aixigo.de
Sat Dec 10 01:38:06 AEDT 2016

Hi folks,

maybe I am too blind to see, but would it be possible to
avoid extra entries in known_hosts, if the remote host
has a signed public key matching a @cert-authority line?
Something like

	Host *
		HashKnownHosts unsigned

This could help to keep the known_hosts file small and
yet get all the unsigned public keys in.

Just a suggestion, of course. Regards

More information about the openssh-unix-dev mailing list
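
As an added illustration of the redundancy the post describes (not part of the original message, and not OpenSSH code): the Python sketch below lists known_hosts entries whose host name is already covered by a @cert-authority line, including hashed entries checked against caller-supplied candidate names. The sample file, key placeholder and function names are constructed; whether an entry is truly unnecessary also depends on the host presenting a certificate signed by that CA, which the file alone does not show.

```python
import base64, hashlib, hmac, re

def hash_host(name, salt):
    """HashKnownHosts token: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + "|".join(base64.b64encode(b).decode() for b in (salt, mac))

def pattern_matches(pattern, host):
    """known_hosts wildcards: '*' matches any run of characters, '?' exactly one."""
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host.lower()) is not None

def line_covers(host, patterns):
    """A line covers a host if a pattern matches and no '!'-negated pattern does."""
    neg = any(p.startswith("!") and pattern_matches(p[1:], host) for p in patterns)
    pos = any(not p.startswith("!") and pattern_matches(p, host) for p in patterns)
    return pos and not neg

def covered_entries(text, candidates=()):
    """Return (lineno, name) for host-key entries that a @cert-authority line covers."""
    ca_lines, plain = [], []
    for no, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        if f[0] == "@cert-authority":
            ca_lines.append(f[1].split(","))
        elif not f[0].startswith("@"):        # ignore @revoked lines
            plain.append((no, f[0]))
    out = []
    for no, hosts in plain:
        if hosts.startswith("|1|"):           # hashed: only testable against candidates
            salt = base64.b64decode(hosts.split("|")[2])
            names = [c for c in candidates if hash_host(c, salt) == hosts]
        else:
            names = hosts.split(",")
        out += [(no, n) for n in names if any(line_covers(n, p) for p in ca_lines)]
    return out

# Constructed sample file; KEY is a placeholder, not a real public key.
KEY = "ssh-ed25519 AAAA_constructed_placeholder"
SAMPLE = "\n".join([
    "@cert-authority *.example.com,!legacy.example.com " + KEY,
    "web1.example.com,192.0.2.10 " + KEY,
    "legacy.example.com " + KEY,
    "db.other.test " + KEY,
    hash_host("web2.example.com", b"constructed-salt-20b") + " " + KEY,
])
print(covered_entries(SAMPLE, candidates=["web2.example.com"]))
```

Hashed entries hide the host name, so they can only be compared with the CA patterns when the candidate names are supplied from another source such as an inventory.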