
Why does ssh-keyscan not use .ssh/config?
Hi ML members,

Is there a reason why ssh-keyscan does not use Host definitions from .ssh/config but only relies on DNS host names? I have a quite long list of host names and a not that well maintained name server.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Why does ssh-keyscan not use .ssh/config?
On Mon, 27 Feb 2023, Keine Eile wrote:

> Hi ML members,
>
> Is there a reason why ssh-keyscan does not use Host definitions from
> .ssh/config but only relies on DNS host names? I have a quite long list of
> host names and a not that well maintained name server.

Mostly to keep ssh-keyscan simple. ssh_config contains a lot more
options than Host/Hostname that we'd need to implement if we supported
it in other tools including:

    ProxyCommand/ProxyJump
    Match (further complicated by Match supporting username, but ssh-keyscan not)
    CanonicalizeHostname and Canonicalize*
    BindInterface/BindAddress

There are other options too, and implementing them all would be quite
a bit of work.

I'd suggest writing a script or alias using `ssh -G` to resolve the hostname
and plumb it to ssh-keyscan. E.g.

    mykeyscan() {
        for x in "$@" ; do
            ssh-keyscan `ssh -G "$x" | grep "^hostname " | awk '{print $2}'`
        done
    }

-d
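
An added example, not part of the original post or of OpenSSH: the wrapper suggested above, extended to also carry the port that `ssh -G` reports, so aliases configured with a non-default `Port` are scanned on the right port. The function names and the sample `ssh -G` output are constructed for illustration.

```sh
# Parse `ssh -G` output (read from stdin) into ssh-keyscan arguments.
# Prints "<port> <hostname>"; exits non-zero if no hostname line is present.
resolve_target() {
    awk '
        $1 == "hostname" { host = $2 }
        $1 == "port"     { port = $2 }
        END {
            if (host == "") exit 1
            if (port == "") port = 22
            print port, host
        }'
}

# Hypothetical wrapper: scan each ssh_config alias at its resolved host and port.
mykeyscan_port() {
    rc=0
    for name in "$@"; do
        if target=$(ssh -G "$name" | resolve_target); then
            port=${target%% *}   # text before the first space
            host=${target#* }    # text after the first space
            ssh-keyscan -p "$port" "$host" || rc=1
        else
            echo "mykeyscan_port: cannot resolve $name" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `ssh -G` output for a Host entry with a custom port.
sample_ssh_g_output() {
    cat <<'EOF'
user admin
hostname 192.0.2.10
port 2222
addressfamily any
EOF
}
```

The keys ssh-keyscan returns are unauthenticated; pipe the output through `ssh-keygen -lf -` and compare the fingerprints with ones obtained out of band before adding them to known_hosts.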
Re: Why does ssh-keyscan not use .ssh/config?
Did it the awk way.
Thanks Damien!