Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.

Yegor Ievlev koops1997 at gmail.com
Sun Feb 24 06:02:07 AEDT 2019


Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.

On Sat, Feb 23, 2019 at 9:59 PM Peter Stuge <peter at stuge.se> wrote:
>
> Yegor Ievlev wrote:
> > It would make more sense to treat SSHFP records in the same way as
> > known_hosts
>
> I disagree with that - known_hosts is nominally a client-local configuration.
>
> I think it's a very bad idea to have the client start treating foreign network
> input as equivalent to local configuration.
>
>
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list