search for: afiau

On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sat, 2020-10-03 at 19:44 +1000, Damien Miller wrote: > > Otherwise, feel free to ask me anything. > > Was it ever considered that the feature itself could be problematic, > security-wise? Of course we considered this. > I see at least two candidates: > - It's IMO generally a bad idea to distribute

...ise then you have a problem. Anyone doing this > > already has to be prepared to deal with multiple keys being known > > for a host. The tooling support for doing this (ssh-keygen -R) works > > identically regardless of the number of keys. > > Well the big difference is IMO: AFIAU this feature distributes the > newer server keys to clients right? > > So even if the compromise is detected on the server side (and > properly cleaned up) the may be countless of clients (which you > can never reach all) who still have the compromised keys and may > subsequently...

https://bugzilla.mindrot.org/show_bug.cgi?id=2288 Bug ID: 2288 Summary: documentation of options defaulting to "none" Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Documentation Assignee: