Please help test recent changes

Anton Khirnov anton at khirnov.net
Mon Jan 17 19:22:09 AEDT 2022


Quoting Damien Miller (2022-01-06 23:52:09)
> 2. Restricted agent keys.
> 
> This is a large set of changes to add destination- and path-restricted
> keys to ssh-agent. A full writeup is at on the website at
> https://www.openssh.com/agent-restrict.html - I'm interested to hear
> feedback on how this works in practice, UI and things that could be
> improved (as well as bug reports).

Can this be made to work when SSHFP host verification is used
(VerifyHostKeyDNS=yes) rather than known_hosts?

Otherwise this is great news - I've largely replaced my old key with a
FIDO token and one of the annoyances is the confirmation window not
telling me which host is it for.

-- 
Anton Khirnov


More information about the openssh-unix-dev mailing list