prompt to update a host key

Jochen Bern Jochen.Bern at binect.de
Fri Mar 15 20:10:26 AEDT 2019


On 03/15/2019 12:49 AM, Jeremy Lin wrote:
> [...] connecting to hosts where the host key
> changes frequently. I realize this is a fairly niche use case [...]

Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la

$ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do
> ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix
> done

, and it mightn't be that much of a niche anymore ...

> [...] developing software for devices that often get reimaged
> (resulting in a host key change) [...]

If the host keypair(s) are truly useless for identifying a *single*,
short-lived target host, my suggestion would be to include "global"
keypairs into the image (and have them still replaced once in a while).
That would at least protect clients from a fake host set up by someone
who doesn't have access to the image or the legit hosts. (Or from
accidentally shredding a genuine "permanent" system that somehow
obtained the DNS name / IP of a short-lived one.)

If, however, reimaging is a standardized process that might allow the
new host pubkey(s) to be collected and distributed in one fell swoop,
there's the GlobalKnownHostsFile setting which is *supposed* to point to
a file maintained by the *sysadmins* ...

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect
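The second suggestion above, collecting the new host pubkeys as part of the reimaging process and distributing them through the sysadmin-maintained file that GlobalKnownHostsFile points at, needs a merge step that updates only the hosts that really were reimaged and leaves a genuine "permanent" system's entry alone if its key unexpectedly differs. The script below is an added example, not code from the list post or from the OpenSSH project; the known_hosts contents, the ssh-keyscan-style output and the `REIMAGED` set are constructed sample data, and `merge` is a hypothetical helper name.

```python
"""Merge host keys collected after a reimage into a sysadmin-maintained global
known_hosts file (the file GlobalKnownHostsFile points at). Entries for hosts
that were not declared reimaged are never rewritten, only flagged.
All sample data below is constructed for this example."""
from dataclasses import dataclass

# constructed: current global known_hosts as distributed to clients
GLOBAL_KNOWN_HOSTS = """\
# global known_hosts maintained by the sysadmins (constructed sample)
vm-a.example.test,10.0.0.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_OLDKEY_A
vm-b.example.test,10.0.0.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_OLDKEY_B
bastion.example.test,10.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_BASTION_KEY permanent host
"""

# constructed: what the reimaging pipeline collected, in ssh-keyscan's output format
SCAN_OUTPUT = """\
# 10.0.0.11:22 SSH-2.0-OpenSSH_7.9
10.0.0.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_NEWKEY_A
# 10.0.0.12:22 SSH-2.0-OpenSSH_7.9
10.0.0.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_OLDKEY_B
# 10.0.0.13:22 SSH-2.0-OpenSSH_7.9
10.0.0.13 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_NEWKEY_C
# 10.0.0.1:22 SSH-2.0-OpenSSH_7.9
10.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI_SOMEONE_ELSE
"""

# constructed: the hosts the pipeline actually reimaged in this run
REIMAGED = {"10.0.0.11", "10.0.0.13"}


@dataclass
class Entry:
    hosts: list        # comma-separated patterns from the first column
    keytype: str
    key: str
    marker: str = ""   # "@cert-authority" / "@revoked" or empty
    comment: str = ""  # trailing comment, kept verbatim

    def render(self):
        head = f"{self.marker} " if self.marker else ""
        tail = f" {self.comment}" if self.comment else ""
        return f"{head}{','.join(self.hosts)} {self.keytype} {self.key}{tail}"


def parse_known_hosts(text):
    """Return a list of (raw_line, Entry or None). Blank lines, comments, hashed
    ('|1|...') entries and anything unparsable are passed through untouched."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        marker = ""
        if parts and parts[0].startswith("@"):
            marker = parts.pop(0)
        if len(parts) < 3 or line.lstrip().startswith("#") or parts[0].startswith("|1|"):
            rows.append((line, None))
            continue
        entry = Entry(parts[0].split(","), parts[1], parts[2], marker, " ".join(parts[3:]))
        rows.append((line, entry))
    return rows


def parse_keyscan(text):
    """Map (host, keytype) -> key from ssh-keyscan style output; '#' lines are skipped."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not parts[0].startswith("#"):
            keys[(parts[0], parts[1])] = parts[2]
    return keys


def merge(known_hosts_text, scan_text, reimaged):
    """Return (new_text, updated_hosts, refused_hosts).

    A changed key is accepted only if at least one name of the entry is in
    `reimaged`; otherwise the old entry is kept and the host is reported, since
    a key change on a host nobody reimaged is exactly what should be looked at."""
    scanned = parse_keyscan(scan_text)
    covered = set()
    out, updated, refused = [], [], []
    for raw, e in parse_known_hosts(known_hosts_text):
        if e is None or e.marker:  # CA / revoked lines are never rewritten here
            out.append(raw)
            continue
        new_key = None
        for h in e.hosts:
            if (h, e.keytype) in scanned:
                covered.add((h, e.keytype))
                if scanned[(h, e.keytype)] != e.key:
                    new_key = scanned[(h, e.keytype)]
        if new_key is None:
            out.append(raw)
        elif not set(e.hosts) & reimaged:
            refused.append(e.hosts[0])  # key differs but host was not reimaged
            out.append(raw)
        else:
            e.key = new_key
            updated.append(e.hosts[0])
            out.append(e.render())
    for (host, keytype), key in scanned.items():
        if (host, keytype) not in covered and host in reimaged:  # brand-new reimaged host
            out.append(Entry([host], keytype, key).render())
            updated.append(host)
    return "\n".join(out) + "\n", updated, refused


if __name__ == "__main__":
    text, updated, refused = merge(GLOBAL_KNOWN_HOSTS, SCAN_OUTPUT, REIMAGED)
    print(text)
    print("updated:", updated, "refused:", refused)
```

The merged output is what you would install as `/etc/ssh/ssh_known_hosts` (the default GlobalKnownHostsFile) on the admin workstations; the `refused` list is the thing to act on before the next distribution run, because it is either a reimage the pipeline failed to record or a host that is not what the name says it is.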
