Hello,
for some time now I wonder about the way the known_hosts file contains the
server keys. Let's look at a part of my known_hosts file:
shell.sf.net,66.35.250.208 ssh-dss AAAAB3NzaC1kc3MAAACBA...
shell.sourceforge.net ssh-dss AAAAB3NzaC1kc3MAAACBA...
As you can see, there are two entries, which describe the same host. When
the file is empty and I do each connect after another, I always get the
question
"The authenticity of host 'foo (bar)' can't be
established."
This is even true for alias names which I can create on my local system.
Suggestion:
a) Join all equal hosts in one line.
b) When a new name is entered, which matches the IP of one of the old
server certificates bring a different warning, which tells something
like
"Host foo unknown, but seems to be bar1, bar2, ... Is this correct?
Possibly make a switch to skip this message and set it true always.
c) When the IP does not match any of the knwon ones, but the server
certificate does (server with different IP's and different names)
do a question like:
"Host foo unknwon, but certificate is equal to bar1, bar2, ..."
The changed messages would help to increase understanding. When connecting
a second or third time to a server and get asked everytime that the
certificate is not known (because you used another alias), then you tend
to answer yes all the time.
The joined lines in the known_hosts file would make maintaining such files
easier.
Ciao
--
____ _ _ ____ _ _ _ _ ____
| | | | | | \ / | | | the cool Gremlin from Bischofswerda
| __ | ____| | \/ | | | WWW: http://www.dstoecker.de/
| | | | | | | | PGP key available on www page.
|____| _|_ |____| _|_ _|_ |____| I hope AMIGA never stops making fun!
