Mailing List Archive

[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #5 from Darren Tucker <dtucker@dtucker.net> ---
Created attachment 3426
--> https://bugzilla.mindrot.org/attachment.cgi?id=3426&action=edit
expand tokens and env vars in UserKnownHostsFile

With some recent work on percent-token expansions it should be
relatively easy to add expansions to UserKnownHostsFile, allowing

UserKnownHostsFile ~/.ssh/known_hosts.d/%n

%n isn't ideal in the presence of a HostKeyAlias, so if this goes in
I'd be adding a %k token for that.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3162


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3162
[Bug 3162] Tracking bug for 8.4 release

[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654

--- Comment #6 from Darren Tucker <dtucker@dtucker.net> ---
(In reply to Vincent Fortier from comment #4)
> Management IPs are often the same at every
> location, making SSH complain that another host exists.

BTW you can turn that off with CheckHostIP=no and rely solely on the
HostKeyAlias.

[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED

--- Comment #7 from Darren Tucker <dtucker@dtucker.net> ---
I've just committed TOKEN expansion support for UserKnownHostsFile and
the '%k' TOKEN for the HostKeyAlias. This combination should be an
effective way to implement this in the config file should you want it.

(In reply to Josh Triplett from comment #2)
> Right. For the initial pass, ssh would still always write new keys
> to .ssh/known_hosts, and only *read* from known_hosts.d; the user
> would manually split entries out into files in that directory. Any
> change to automatically write out split files could come later.

Since UserKnownHostsFile takes multiple args but only writes to the
first, you can now implement those semantics with:

UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts2 ~/.ssh/known_hosts.d/%k

If you move the %k one to the head of the list, you'll keep using the
existing files for existing entries, but new entries will be written to
~/.ssh/known_hosts.d/ instead.

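The manual split mentioned in the quoted comment #2, done for the `known_hosts.d/%k` layout from comment #7, as an added example that is not part of the thread or of OpenSSH. `split_known_hosts` and `write_sample` are hypothetical helpers, the sample entries are constructed, and the file name is assumed to be the host name as typed (or the HostKeyAlias).

```shell
#!/bin/sh
# Added example: split_known_hosts is a hypothetical helper, not part of OpenSSH.
# It copies each plain-text entry of a known_hosts file into DEST/<name>, the
# layout read by "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
split_known_hosts() {
    src=$1 dest=$2 skipped=0
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    while read -r hosts rest || [ -n "$hosts" ]; do
        case $hosts in
            ''|'#'*) continue ;;                                # blank line or comment
            '@'*|'|1|'*) skipped=$((skipped + 1)); continue ;;  # marker or hashed name
        esac
        old_ifs=$IFS; IFS=,; set -f      # split the comma-separated name list
        for name in $hosts; do
            case $name in                # "[host]:port" is filed under "host"
                '['*']:'*) name=${name#\[}; name=${name%%\]:*} ;;
            esac
            case $name in                # refuse patterns and path tricks
                ''|*[*?!/]*|.*) skipped=$((skipped + 1)); continue ;;
            esac
            grep -qxF -e "$hosts $rest" "$dest/$name" 2>/dev/null ||
                printf '%s\n' "$hosts $rest" >> "$dest/$name"   # append once only
        done
        set +f; IFS=$old_ifs
    done < "$src"
    echo "skipped $skipped entries that cannot be mapped to a file name" >&2
}

# Constructed sample input; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
web1.example.com,192.0.2.10 ssh-ed25519 AAAA-PLACEHOLDER-KEY-1
[bastion.example.com]:2222 ssh-ed25519 AAAA-PLACEHOLDER-KEY-2
*.lab.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-3
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAA-PLACEHOLDER-KEY-4
../evil ssh-ed25519 AAAA-PLACEHOLDER-KEY-5
EOF
}

# Demo in a scratch directory; lists the three per-host files that were created.
tmp=$(mktemp -d) && write_sample "$tmp/known_hosts" &&
    split_known_hosts "$tmp/known_hosts" "$tmp/known_hosts.d" &&
    ls "$tmp/known_hosts.d"
rm -rf "$tmp"
```

Keep the original file in the UserKnownHostsFile list after splitting, so the skipped hashed, wildcard and @-marker entries are still consulted.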
[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654

--- Comment #8 from Josh Triplett <josh@joshtriplett.org> ---
That's awesome, thank you!
