Human readable .ssh/known_hosts?

Damien Miller djm at mindrot.org
Wed Sep 30 10:07:17 AEST 2020


On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote:

> There are setups SSH targets where it is useful for, primarily
> externally and consistently configured hosts with stable DNS and
> hostkeys, such as github or gitlab. But for internal services, it's
> generally far more trouble than it's worth.

FWIW I think this is bad advice.

Services are only "internal" to the extent that you can trust your network.
Search "SSL added and removed here" for a practical demonstration of this
assumption yielding undesirable results.

Disabling hostkey checking is a big hammer, but occasionally useful for
lab environments. Generally I recommend that people who are having trouble
with hostkey management consider using host certificates.

-d
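
The host-certificate setup recommended in the message above, sketched as an added example that is not part of the original email or the OpenSSH project's own documentation. The `example.com` domain, the file names and the key ID are constructed placeholders, and everything is written to a scratch directory.

```shell
#!/bin/sh
# Added example: sign a host key with a CA so clients trust the CA once
# instead of pinning (or ignoring) every individual host key.
# example.com, the file names and the key ID are constructed placeholders.

# Usage: make_host_cert DIR HOSTNAME
make_host_cert() {
    dir=$1
    host=$2
    mkdir -p "$dir" || return 1

    # 1. CA key pair. In production the private half stays off the servers.
    ssh-keygen -q -t ed25519 -N '' -C 'host-ca' -f "$dir/host_ca" || return 1

    # 2. The server's host key (normally it already exists under /etc/ssh).
    ssh-keygen -q -t ed25519 -N '' -C "$host" \
        -f "$dir/ssh_host_ed25519_key" || return 1

    # 3. Sign it: -h makes a host certificate, -n lists the names it is
    #    valid for, -V bounds its lifetime. Writes ssh_host_ed25519_key-cert.pub.
    ssh-keygen -q -s "$dir/host_ca" -I "$host" -h -n "$host" -V +52w \
        "$dir/ssh_host_ed25519_key.pub" || return 1

    # 4. Client side: one known_hosts line trusts the CA for the whole domain.
    printf '@cert-authority *.example.com %s\n' "$(cat "$dir/host_ca.pub")" \
        > "$dir/known_hosts"

    # 5. Server side (sshd_config), shown here as a comment only:
    #    HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
}

# Print the principals (hostnames) a certificate is valid for.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}
```

With this in place a rebuilt host only needs a freshly signed certificate, and clients keep strict host key checking enabled.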

