Bug#481238: host key fingerprints in .ssh/config
On Wed, May 14, 2008 at 07:13:32PM +0100, martin f krafft wrote:
> Just an idea without having given it much thought:
>
> if there are host key fingerprints in DNS, why not add
> a configuration option to ssh_config so that I could say:
>
> Host foo
> HostKeyFingerprint 99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44
>
> which would then cause even StrictHostKeyChecking to accept the host
> key into .ssh/known_hosts if the fingerprint matched?
I'm not sure I understand. Why not just add the fingerprint to
~/.ssh/known_hosts directly? What does putting it in the configuration
file gain you?
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: