[talk] ssh host keys

Jesse Callaway bonsaime at gmail.com
Fri Mar 22 18:30:37 EDT 2019


On Thu, Mar 21, 2019 at 6:16 PM Eitan Adler <lists at eitanadler.com> wrote:

> On Thu, 21 Mar 2019 at 18:13, Eitan Adler <lists at eitanadler.com> wrote:
> >
> > On Thu, 21 Mar 2019 at 15:31, Jesse Callaway <bonsaime at gmail.com> wrote:
> > >
> > >
> > >
> > > On Thu, Mar 21, 2019 at 2:50 PM Jesse Callaway <bonsaime at gmail.com> wrote:
> > >>
> > >> On my mac running OpenSSH_7.8p1, LibreSSL 2.6.2 connecting outbound
> > >> when the host key is found to mismatch a recorded entry in known_hosts it
> > >> allows me to connect.. however disables some features, notably port
> > >> forwarding and agent forwarding.
> > >>
> > >> Removing the clashing line in ~/.ssh/known_hosts fixed this so that
> > >> when I connect it allows the features.
> > >>
> > >> Does anyone have experience with this? Related is
> > >> StrictHostKeyChecking no is set. I would expect the behavior to be binary,
> > >> either I can connect or not if it *suspects* mitm.
> > >>
> > >> --
> > >> -jesse
> > >
> > >
> > > I'll just self-reply here. This is a bug. I could care less if it's
> > > always been like this. Does anyone have any suggestions on how to file the
> > > bug report?
> >
> > This is not exactly a bug. If you want to always fail, set
> > StrictHostKeyChecking yes as a config value. There is no way I know
> > of to always ignore (and allow e.g., port forwarding).
>
> To answer your question directly: "openssh-unix-dev at mindrot.org"
> <openssh-unix-dev at mindrot.org> or https://bugzilla.mindrot.org/
>
>
> --
> Eitan Adler
>

Thanks for the suggestions. I have a hard time getting this right while
also doing batch operations over ssh to a bunch of hosts. Aside from host
keys in LDAP or secure DNS, how do others ssh to hosts that rotate through
IP addresses frequently?
-- 
-jesse
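
Added example, not part of the original thread: an ssh_config fragment that puts the setting discussed above next to a stricter stanza for hosts whose IP addresses rotate. The host patterns, the alias and the known_hosts file name are hypothetical, and the second stanza assumes every host key used by the pool has been recorded under the alias beforehand.

```sshconfig
# Constructed example; host patterns, alias and file names are hypothetical.

# Before: the setting from the thread. With "no", a changed host key does
# not stop the connection; ssh_config(5) says the connection proceeds
# "subject to some restrictions". The thread reports port forwarding and
# agent forwarding being disabled in that state, which silently breaks
# batch jobs that depend on either.
Host *.batch.example.org
    StrictHostKeyChecking no

# After: make the outcome binary for a pool that rotates through IPs.
#   HostKeyAlias          look up the key under one stable name instead of
#                         the hostname or address actually dialled
#   CheckHostIP no        do not also match known_hosts entries by IP, so a
#                         recycled address cannot produce a clashing line
#   StrictHostKeyChecking yes
#                         refuse unknown and changed keys outright
#   UserKnownHostsFile    keep the pool's keys in a file of their own so it
#                         can be distributed and audited separately
Host *.pool.example.org
    HostKeyAlias pool.example.org
    CheckHostIP no
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts.pool
```

With the second stanza a key that is not listed under `pool.example.org` fails the connection instead of yielding a session with forwarding turned off.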