[Bug 2293] New: ssh should have an option to automatically trust a local sshd's host key for a given set of names

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Oct 15 08:11:55 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2293

            Bug ID: 2293
           Summary: ssh should have an option to automatically trust a
                    local sshd's host key for a given set of names
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.net

Hi.

I think it would be nice if there were an option that lets ssh
automatically trust host keys from a local sshd for a given set of
names.

One could have e.g. the options:
1) LocalTrustedPublicHostKeyFiles
This would specify the locations of the files, where the public keys
are found.
It could default to every file given in a HostKey directive in
/etc/ssh/sshd_config.
But it should also allow a list of files to be given, just in case
people run more than one sshd on their host, e.g. bound to different
addresses and/or ports, some in VMs or from "within" a chroot.


2) LocalTrustedHostNames
That should be a list of names for which only the keys from (1) will be
considered valid.
Ideally it should default to anything that one can use to reach the
local sshds, which may include things like:
127.0.0.0/8
::1
localhost
hostname
hostname.fqdn
If possible also any local v4 and v6 addresses/prefixes, which is
actually a bit tricky, since you may also have things like link local
addresses/prefixes.

Even better, it would do that only for addresses/names the local
sshd really listens on.


Cheers,
Chris.
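The effect the two proposed options would have can be approximated today with a known_hosts fragment. The following is an added example, not OpenSSH code and not part of the bug report: it reads the HostKey and Port directives from sshd_config (falling back to an assumed default key list), builds the list of local names, and emits known_hosts lines that pin exactly those keys to exactly those names. The `read_pub` callback and the constructed key in the comments are assumptions for illustration.

```python
"""Pin a local sshd's own host keys to a set of local names via known_hosts.

Added example (not OpenSSH's code).  It approximates the proposed
LocalTrustedPublicHostKeyFiles / LocalTrustedHostNames options: only the
keys named in sshd_config are trusted, and only for the local names given.
"""
import re
import socket

# Assumed fallback when sshd_config names no HostKey at all.
DEFAULT_HOSTKEYS = ["/etc/ssh/ssh_host_rsa_key",
                    "/etc/ssh/ssh_host_ecdsa_key",
                    "/etc/ssh/ssh_host_ed25519_key"]


def parse_sshd_config(text):
    """Return (hostkey_paths, ports) from sshd_config text.

    Comments and blank lines are ignored; directives are case-insensitive
    and may be written as "Key value" or "Key=value".  The separator
    alternative keeps e.g. HostKeyAlgorithms from matching as HostKey.
    """
    paths, ports = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)(hostkey|port)(?:\s+|\s*=\s*)(\S+)", line)
        if m:
            (paths if m.group(1).lower() == "hostkey" else ports).append(m.group(2))
    return (paths or list(DEFAULT_HOSTKEYS)), ([int(p) for p in ports] or [22])


def local_names(extra=()):
    """Names the local sshd may be reached by (a LocalTrustedHostNames default).
    known_hosts has no CIDR syntax; a wildcard pattern such as "127.*" is the
    closest equivalent of the 127.0.0.0/8 entry from the report."""
    names = ["localhost", "127.0.0.1", "::1", socket.gethostname(), socket.getfqdn()]
    names += list(extra)
    return list(dict.fromkeys(n for n in names if n))  # dedupe, keep order


def known_hosts_line(names, pubkey_text, port=22):
    """Format one known_hosts line pinning the key in pubkey_text (the text of
    a .pub file) to every name; non-default ports use the [host]:port form."""
    fields = pubkey_text.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    hosts = names if port == 22 else [f"[{n}]:{port}" for n in names]
    return f"{','.join(hosts)} {fields[0]} {fields[1]}"


def known_hosts_fragment(sshd_config_text, read_pub, names):
    """One line per (host key, port).  read_pub(path) returns the .pub text
    for a HostKey path; it is injected so the function needs no filesystem."""
    paths, ports = parse_sshd_config(sshd_config_text)
    return [known_hosts_line(names, read_pub(p + ".pub"), port)
            for port in ports for p in paths]
```

On a real host, call `known_hosts_fragment(open("/etc/ssh/sshd_config").read(), lambda p: open(p).read(), local_names())` and append the returned lines to `~/.ssh/known_hosts`.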
