HostKey checking and DNS fingerprint verification

Senthil Kumar senthilkumar_sen at hotpop.com
Thu Mar 23 20:43:49 EST 2006


Hello All,

I have a client-server setup with about 100 nodes. We often install the OS 
and this results in a change of host keys on our server. This necessitates the 
need to update all known_hosts files on the client machines. I'm using the 
VerifyHostKeyDNS option on the client side, where the DNS is updated with the new 
fingerprint each time we change the host key. But the SSH client still 
verifies against its known_hosts file even if the DNS fingerprint matches.

Is there any way to overcome the client's local database check if the DNS 
fingerprint matches? What are the security issues associated with this approach?

Thanks,
Senthil Kumar. 
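The DNS fingerprints the post refers to are SSHFP resource records (RFC 4255): the algorithm number, a fingerprint type, and a hash computed over the decoded public key blob from the host's `.pub` file. The following is an added example, not code from the post or from OpenSSH, showing how such a record is derived from a host key line and how a client-side match against records pulled from DNS would be checked. The key material is constructed filler (not a real key), and `server.example.com.` is a placeholder owner name.

```python
"""Build and check SSHFP (RFC 4255) resource records for an OpenSSH host key.

Added example with constructed key material; no real host key is used.
"""
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, extended by RFC 6594 and RFC 7479).
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}

# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
SSHFP_FPTYPE = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH public key line, i.e. the
    contents of a file such as /etc/ssh/ssh_host_rsa_key.pub."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with the length-prefixed key type string; refuse
    # lines where it disagrees with the text label rather than trust the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    return key_type, blob


def sshfp_records(owner, line, fptypes=(1, 2)):
    """Return the SSHFP RRs for one host key, one per fingerprint type,
    as (owner, algorithm, fptype, hex_fingerprint) tuples.  The fingerprint
    is the hash of the raw decoded key blob, as ssh-keygen -r publishes it."""
    key_type, blob = parse_pubkey_line(line)
    alg = SSHFP_ALGORITHM[key_type]
    return [(owner, alg, t, SSHFP_FPTYPE[t](blob).hexdigest()) for t in fptypes]


def format_rr(record):
    """Render a record in zone-file form."""
    owner, alg, fptype, fp = record
    return f"{owner} IN SSHFP {alg} {fptype} {fp}"


def sshfp_matches(line, dns_records):
    """Client-side check: does the key the server presented match any SSHFP
    record retrieved from DNS?  Algorithm and fingerprint type must agree and
    the hex digest must be equal (case-insensitive on the hex)."""
    key_type, blob = parse_pubkey_line(line)
    alg = SSHFP_ALGORITHM[key_type]
    for _owner, r_alg, r_fptype, r_fp in dns_records:
        if r_alg != alg or r_fptype not in SSHFP_FPTYPE:
            continue
        if SSHFP_FPTYPE[r_fptype](blob).hexdigest() == r_fp.lower():
            return True
    return False


def _ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length followed by bytes."""
    return struct.pack(">I", len(data)) + data


def constructed_pubkey_line(key_type="ssh-ed25519", seed=0x42):
    """Constructed, syntactically valid public key line: 32 filler bytes stand
    in for a real Ed25519 point so the example runs offline."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(bytes([seed]) * 32)
    return f"{key_type} {base64.b64encode(blob).decode()} root@constructed-host"


if __name__ == "__main__":
    old_key = constructed_pubkey_line(seed=0x42)  # key before the reinstall
    new_key = constructed_pubkey_line(seed=0x43)  # key after the reinstall
    # Records the administrator would publish after re-installing the server:
    published = sshfp_records("server.example.com.", new_key)
    for r in published:
        print(format_rr(r))
    print("new key matches DNS:", sshfp_matches(new_key, published))
    print("old key matches DNS:", sshfp_matches(old_key, published))
```

On a real host, `ssh-keygen -r hostname` emits the same records for the installed host keys, and `dig SSHFP hostname` shows what the client will see when `VerifyHostKeyDNS` is set. The match above is only the DNS half of the decision; it says nothing about what the client already holds in known_hosts for that host.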





More information about the openssh-unix-dev mailing list