Why does ssh-keyscan not use .ssh/config?
Damien Miller
djm at mindrot.org
Wed Mar 1 14:33:53 AEDT 2023
On Mon, 27 Feb 2023, Keine Eile wrote:
> Hi ML members,
>
> is there a reason, why ssh-keyscan does not use Host definitions from
> .ssh/config but only relies on DNS host names? I have a quite long list of
> host names and a not that well maintained name server.
Mostly to keep ssh-keyscan simple. ssh_config contains a lot more
options than Host/Hostname that we'd need to implement if we supported
it in other tools including:
    ProxyCommand/ProxyJump
    Match (further complicated by Match supporting username, but ssh-keyscan not)
    CanonicalizeHostname and Canonicalize*
    BindInterface/BindAddress
There are other options too, and implementing them all would be quite
a bit of work.
I'd suggest writing a script or alias using `ssh -G` to resolve the hostname
and plumb it to ssh-keyscan. E.g.
    mykeyscan() {
        # Resolve each name through ssh_config, then scan the real hostname
        for x in "$@" ; do
            ssh-keyscan "$(ssh -G "$x" | grep "^hostname " | awk '{print $2}')"
        done
    }
-d
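
Added example, not part of the original message: a variant of the wrapper above that also carries over the `port` line from `ssh -G` and skips hosts whose configuration routes through ProxyJump/ProxyCommand, since ssh-keyscan connects directly. The function names are hypothetical, and treating a proxy value of `none` as "no proxy" is an assumption about the `ssh -G` output.

```shell
# Added example; function names are hypothetical, not from OpenSSH.

# Read `ssh -G` output on stdin and print "hostname port".
# Returns 1 when no hostname is present or when the host is configured
# to be reached through a proxy, which ssh-keyscan cannot follow.
keyscan_target() {
    awk '
        $1 == "hostname" { host = $2 }
        $1 == "port"     { port = $2 }
        ($1 == "proxyjump" || $1 == "proxycommand") && $2 != "none" { proxied = 1 }
        END {
            if (proxied || host == "") exit 1
            print host, (port == "" ? 22 : port)
        }'
}

# Scan each ssh_config alias at its resolved hostname and port.
mykeyscan_port() {
    for x in "$@"; do
        if target=$(ssh -G "$x" | keyscan_target); then
            scan_host=${target% *}    # text before the space
            scan_port=${target#* }    # text after the space
            ssh-keyscan -p "$scan_port" "$scan_host"
        else
            echo "skipping $x: proxied or unresolved, no direct scan" >&2
        fi
    done
}
```

Keys collected this way are unauthenticated; compare their fingerprints against a trusted source before adding them to known_hosts.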