[Bug 2673] New: Multiple ssh keys for a given server

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Jan 30 20:27:53 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2673

            Bug ID: 2673
           Summary: Multiple ssh keys for a given server
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: george.shuklin at gmail.com

There are some cases when a server may have a few server keys, each of
which is valid.

Examples:
1) A server booting from a golden image. The golden image has a
'built-in' host ssh key, which is changed after the system configuration
management application sets up the proper ssh key for the server.
2) A server may reboot between two different operating systems, each
using its own host ssh key.
3) DynDNS-related shuffling between a few servers (at a given time a
server occupies one of the few known IPs, causing false alerts if that
IP was known to be used by a previous server).

Right now there is no way to tell the ssh client 'both keys are valid
for a given server', which forces users into one of the following
actions:

1. Use a set of ssh options to prevent key learning
2. Use ssh-keygen -R to remove the old key and confirm the new one on
the next connect, repeating on each host ssh key change (e.g. reboot to
a different OS).

Both of those actions loosen attention to the 'spoofed ssh key' alert
and therefore significantly endanger the overall security of the
ssh-related workflow. A malicious agent may use those alerts to persuade
personnel into mistakenly trusting a wrong key (due to repeated and
often false-positive alerts, an actual and valid alert would be ignored
and processed as a false positive).

Proposition: permit multiple host keys for a given server name and/or
IP address.

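As an added example, not part of this bug report or of OpenSSH's own code: a minimal Python known_hosts lookup that accepts any of several keys listed for the same host (the policy the report asks for), honours @revoked markers and hashed hostnames, and classifies an offered key as ok, changed, new or revoked. Host names, key blobs and the salt in the sample file are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    # Hashed-hostname pattern ssh writes when HashKnownHosts is on
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern, host):
    # Exact-name or hashed match; wildcards and '!' negation are left out
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|")[2])
        return hash_host(host, salt) == pattern
    return pattern == host

def parse_known_hosts(text):
    # Returns (marker, hosts, keytype, key) tuples; comments and blanks skipped
    entries = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        marker = f.pop(0) if f[0].startswith("@") else None
        entries.append((marker, f[0].split(","), f[1], f[2]))
    return entries

def check_host_key(entries, host, keytype, key):
    # Precedence: revoked > ok > changed > new; every listed key is acceptable
    status = "new"
    for marker, hosts, ktype, kblob in entries:
        if ktype != keytype or not any(host_matches(p, host) for p in hosts):
            continue
        if marker == "@revoked" and kblob == key:
            return "revoked"
        if marker is None and kblob == key:
            status = "ok"
        elif marker is None and status == "new":
            status = "changed"
    return status

# Constructed sample (not from the report): golden-image key plus the key set
# later by config management, a revoked key, and a hashed dual-boot host
SALT = b"\x01" * 20
KNOWN_HOSTS = "\n".join([
    "build01.example.net,192.0.2.10 ssh-ed25519 AAAA_GOLDEN_IMAGE_KEY",
    "build01.example.net,192.0.2.10 ssh-ed25519 AAAA_CONFIGMGMT_KEY",
    "@revoked build01.example.net ssh-ed25519 AAAA_LEAKED_KEY",
    hash_host("dual01.example.net", SALT) + " ssh-rsa AAAA_LINUX_RSA_KEY",
])
ENTRIES = parse_known_hosts(KNOWN_HOSTS)
```

Either of the two keys listed for build01 verifies, a third key of the same type is reported as changed, and a key type with no entry is reported as new, so only a genuinely unexpected key raises an alert.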