Bug#481238: host key fingerprints in .ssh/config

To: martin f krafft <madduck@debian.org>, 481238@bugs.debian.org
Subject: Bug#481238: host key fingerprints in .ssh/config
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 26 May 2008 11:12:49 +0100
Message-id: <[🔎] 20080526101249.GL16645@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 481238@bugs.debian.org
In-reply-to: <[🔎] 20080514181332.GA8896@lapse.madduck.net>
References: <[🔎] 20080514181332.GA8896@lapse.madduck.net>

On Wed, May 14, 2008 at 07:13:32PM +0100, martin f krafft wrote:
> Just an idea without having given it much thought:
> 
> if there are host key fingerprints in DNS, why not add
> a configuration option to ssh_config so that I could say:
> 
>   Host foo
>     HostKeyFingerprint 99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44
> 
> which would then cause even StrictHostKeyChecking to accept the host
> key into .ssh/known_hosts if the fingerprint matched?

I'm not sure I understand. Why not just add the fingerprint to
~/.ssh/known_hosts directly? What does putting it in the configuration
file gain you?

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#481238: host key fingerprints in .ssh/config
  - From: martin f krafft <madduck@debian.org>

References:
- Bug#481238: host key fingerprints in .ssh/config
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Bug#481721: openssh-server: sshd does not include a remote address when logging usage of blacklisted keys
Next by Date: Bug#481278: openssh: Please provide server patched with LPK
Previous by thread: Bug#481238: host key fingerprints in .ssh/config
Next by thread: Bug#481238: host key fingerprints in .ssh/config
Index(es):
- Date
- Thread