Displaying 3 results from an estimated 3 matches for "expecthostkey".
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...ou might have in known_hosts
172.16.1.2{ProxyJump user@10.20.30.40,user2@192.168.123.45} <algo> <key>
172.16.1.3{ProxyCommand user@10.20.30.40:nc 192.168.234.56 22} <algo> <key>
the {} part encodes the path by which you reach the host.
Alternative might be an "ExpectHostKey" option that can be put in
~/.ssh/config or specified with "-o ExpectHostKey=?" that tells the SSH
client "ignore your known_hosts file, the host *will* be using this
key". So if you know the public key (e.g. you did a `ssh_keyscan`), you
can either:
put in .ssh/confi...
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...s at the time of its call, or would it
figure out that these files are relative to
/home/me/workplace/ops/eng-ssh/bigcust-config?
If the latter, I could then store that in the git repository (as a
*signed* git commit, so it can be authenticated later) which would offer
similar benefits to the `ExpectHostKey` I made earlier.
--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18.08.23 07:39, Darren Tucker wrote:
> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> [...]
>> The crux of this is that we cannot assume the local IPv4 address is
>> unique, since it's not (and in many cases, not even static).
>
> If the IP address is not significant, you can tell ssh to not record
> them ("CheckHostIP