Displaying 1 result from an estimated 1 matches for "oautoanswervalidatedkeys".
2011 Jul 20
1
auto-accept keys matching DNSSEC-validated SSHFP records
...olver and the client. Our patch always
fetches the signatures and verifies them locally. A new option,
oStrictDnssecChecking, determines whether or not an untrusted response
is treated as a failure, or if the result is returned with a warning.
In addition to adding local validation, a new setting,
oAutoAnswerValidatedKeys, allows the user to automatically accept new
keys which match DNSSEC-validated SSHFP records. The default for this
new option is off, so even if the record matches, the user will still
be asked to confirm before connecting.
The patch is here:
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
I...