Package: openssh-client Version: 1:4.7p1-8 Severity: wishlist Just an idea without having given it much thought: if there are host key fingerprints in DNS, why not add a configuration option to ssh_config so that I could say: Host foo HostKeyFingerprint 99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44 which would then cause even StrictHostKeyChecking to accept the host key into .ssh/known_hosts if the fingerprint matched? -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.24-1+scoflowctrl.1-686 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-client depends on: ii adduser 3.107 add and remove users and groups ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy ii dpkg 1.14.19 package maintenance system for Deb ii libc6 2.7-11 GNU C Library: Shared libraries ii libcomerr2 1.40.8-2 common error description library ii libedit2 2.9.cvs.20050518-4 BSD editline and history libraries ii libkrb53 1.6.dfsg.3-2 MIT Kerberos runtime libraries ii libncurses5 5.6+20080503-1 Shared libraries for terminal hand ii libssl0.9.8 0.9.8g-10 SSL shared libraries ii passwd 1:4.1.1-1 change and administer password and ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii xauth 1:1.0.3-1 X authentication utility -- no debconf information -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)