Mailing List Archive

Support for UserKnownHostsFile tokens?
Hi Damien/all,

Since github etc use a potentially large number of IP addresses (albeit with a small number of keys), I'd like more granular oversight over their entries in my known_hosts.

E.g., here is a simplified stanza from my current ssh config:

Host github gitlab
    User git
    Hostname %h.com
    UserKnownHostsFile ~/.ssh/known_hosts.d/git

There doesn't seem to be a good way to filter only certain hosts from that UserKnownHostsFile. When looking to remove outdated entries, I'd like to be able to tell which IP addresses and keys belonged to, say, GitHub -- at any time in the past.

I wondered if you would be willing to add a feature where we can shape the UserKnownHostsFile using tokens, similar to AuthorizedKeysFile for sshd config? My new config taking advantage of this feature could look like the following:

Host github gitlab
    User git
    Hostname %h.com
    UserKnownHostsFile ~/.ssh/known_hosts.d/%h

I know I could split out UserKnownHosts to go under a sequence of individual Hosts entries, but that seems inelegant when I'm already combining multiple hosts due to their similar configs.

Sorry if in fact it's already possible somehow. I didn't see anything in `man ssh_config` or via a web search.


Cheers,


A
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
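
Added example (not part of the original thread or of OpenSSH): the message above notes that many IP addresses share a small number of host keys, so this Python sketch splits a combined known_hosts file into per-service groups by host key, letting bare-IP and hashed entries follow the name they share a key with. The sample entries, key strings, salt and the helper names are constructed for illustration; wildcard patterns and [host]:port forms are not handled.

```python
import base64, hashlib, hmac
from collections import defaultdict

def hash_host(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern, name):
    """True if one host field entry (plain or hashed) names `name`."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == name

def parse(text):
    """Yield (line, host_patterns, (keytype, key)) for each key entry."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3:
            yield line, fields[0].split(","), (fields[1], fields[2])

def split_by_service(text, names):
    """Group entries under the first service name whose key they share."""
    entries = list(parse(text))
    owner = {}                             # (keytype, key) -> service name
    for _, hosts, key in entries:
        for name in names:
            if any(host_matches(h, name) for h in hosts):
                owner.setdefault(key, name)
    groups = defaultdict(list)
    for line, _, key in entries:
        groups[owner.get(key, "unmatched")].append(line)
    return dict(groups)

# Constructed sample: placeholder key strings and documentation-range addresses.
SALT = b"constructed-salt-0001"
SAMPLE = "\n".join([
    hash_host("github.com", SALT) + " ssh-ed25519 CONSTRUCTEDKEYA",
    "192.0.2.10 ssh-ed25519 CONSTRUCTEDKEYA",
    hash_host("192.0.2.11", SALT) + " ssh-ed25519 CONSTRUCTEDKEYA",
    "gitlab.com,198.51.100.5 ssh-ed25519 CONSTRUCTEDKEYB",
    "203.0.113.7 ssh-rsa CONSTRUCTEDKEYC",
])

if __name__ == "__main__":
    for service, lines in split_by_service(SAMPLE, ["github.com", "gitlab.com"]).items():
        print(service, len(lines))
```

Entries left under "unmatched" share a key with none of the given names and are the ones to review by hand before pruning.
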
Re: Support for UserKnownHostsFile tokens?
On Sat, 5 Sep 2020, 13:04 asymptosis, <asymptosis@posteo.net> wrote:

> I wondered if you would be willing to add a feature where we can shape the
> UserKnownHostsFile using tokens, similar to AuthorizedKeysFile for sshd
> config?
>

Already done, it'll be in the next major release.

https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Re: Support for UserKnownHostsFile tokens?
> Already done, it'll be in the next major release.
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=1654

Haha, awesome, thank you for that :) It could be argued that I should have checked the bug tracker first, so thanks for your patience and sorry for the noise.
Re: Support for UserKnownHostsFile tokens?
On Sat, 5 Sep 2020 at 13:42, asymptosis <asymptosis@posteo.net> wrote:
> > Already done, it'll be in the next major release.
>
> Haha, awesome, thank you for that :) It could be argued that I should have checked the bug tracker first, so thanks for your patience and sorry for the noise.

No problem, easiest feature request ever :-)

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.