prompt to update a host key

Jeremy Lin jeremy.lin at gmail.com
Fri Mar 15 10:49:04 AEDT 2019


As far as I can tell, there currently isn't a straightforward way to
use password authentication for connecting to hosts where the host key
changes frequently. I realize this is a fairly niche use case, but
when developing software for devices that often get reimaged
(resulting in a host key change), it can get pretty tedious to attempt
to connect, get a warning, remove the old host key via text editor or
"ssh-keygen -R", and then connect again.

I'd like to propose adding a new StrictHostKeyChecking option, named
something like "ask-update" or "ask-to-update". This would be like
"ask", except it would prompt the user to update a host key if it has
changed (after printing a suitably scary warning). When connecting to
an unknown host, it would be equivalent to "ask".

I expect users would enable it explicitly for a limited set of hosts,
e.g. by adding a config section like

Host 192.168.0.*
StrictHostKeyChecking ask-update

If this idea sounds acceptable, I could potentially work on it, but I
don't mind at all if someone else is interested in doing it.

Thanks,
Jeremy
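The "ask-update" behaviour proposed above can be approximated today with a small wrapper around ssh-keyscan and ssh-keygen. The script below is an added example written for this page, not part of the proposal or of OpenSSH; it assumes unhashed known_hosts entries and uses a hypothetical KNOWN_HOSTS environment variable to override the file path.

```shell
#!/bin/sh
# Emulates the proposed "ask-update" behaviour with today's OpenSSH tools
# (added example, not OpenSSH code). Assumes plain, unhashed known_hosts
# entries matched by exact name; HashKnownHosts and wildcard entries are
# deliberately left to ssh itself.

# hostkey_status FILE HOST KEYTYPE KEYDATA
# Prints "unknown" (no KEYTYPE entry for HOST), "same" (recorded key matches)
# or "changed" (a different key of that type is recorded for HOST).
hostkey_status() {
    awk -v host="$2" -v ktype="$3" -v kdata="$4" '
        /^[[:space:]]*#/ || NF == 0 { next }   # comments and blank lines
        $1 ~ /^@/ { next }                     # @cert-authority / @revoked markers
        {
            n = split($1, names, ",")          # host field may list several names
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == ktype) {
                    found = 1
                    if ($3 == kdata) { same = 1; exit }   # exit still runs END
                }
        }
        END { print (same ? "same" : (found ? "changed" : "unknown")) }
    ' "$1"
}

# ask_update HOST [PORT]
# Fetches the current ed25519 key with ssh-keyscan; on a change, prints the
# warning plus fingerprint and asks before rewriting the entry. With no
# recorded key it changes nothing, so ssh itself behaves as with "ask".
ask_update() {
    port=${2:-22}; kh=${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}   # KNOWN_HOSTS: hypothetical override
    line=$(ssh-keyscan -p "$port" -t ed25519 "$1" 2>/dev/null || true)
    [ -n "$line" ] || { echo "no ed25519 host key from $1" >&2; return 1; }
    set -- $line   # keyscan prints: name keytype keydata ([host]:port off 22)
    case $(hostkey_status "$kh" "$1" "$2" "$3") in
        same)    echo "host key for $1 unchanged" ;;
        unknown) echo "no key recorded for $1; ssh will prompt as with \"ask\"" ;;
        changed)
            echo "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED for $1"
            echo "new key: $(printf '%s\n' "$line" | ssh-keygen -lf -)"
            printf 'Replace the stored key? [y/N] '
            read -r answer
            case $answer in
                y|Y) ssh-keygen -R "$1" -f "$kh" >/dev/null && printf '%s\n' "$line" >>"$kh" ;;
                *)   echo "keeping the recorded key; refusing to connect" >&2; return 1 ;;
            esac ;;
    esac
}

if [ $# -gt 0 ]; then ask_update "$@"; fi
```

Run it as `sh ask-update.sh 192.168.0.10` before `ssh`; a declined prompt leaves known_hosts untouched, so the normal ssh warning still fires.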
