[Bug 2602] (Feature request) Verify host using key in destination user account

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 19 14:37:46 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2602

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This isn't possible without breaking the guarantees that host key
checking is supposed to provide.

For the behaviour that you want, ssh would have to ignore a host key
verification failure at connection time, proceed with authentication
and fetch (presumably using sftp) the host key from the target system.
This is a substantial amount of work but, worse, it would require ssh
to complete authentication to a system that it does not trust.

Completing authentication means sending user credentials to the remote
server. This would allow phishing or connection spoofing by hostile
servers.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list