Displaying 3 results from an estimated 3 matches for "store_hash".
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote:
> On Sun, 4 Oct 2020, Damien Miller wrote:
>
> > No - I think you've stumbled on a corner case I hadn't anticipated.
> > Does your configuration override CheckHostIP at all?
No.
> >
> > What are the known_hosts entries for the hostname and IP?
>
> Also, do you use HashKnownHosts? or do
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
....h | 1 +
4 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/hostfile.c b/hostfile.c
index c5669c703..462ed8357 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -437,12 +437,15 @@ static int
write_host_entry(FILE *f, const char *host, const char *ip,
const struct sshkey *key, int store_hash)
{
- int r, success = 0;
+ int r, success = 0, cert = sshkey_is_cert(key);
char *hashed_host = NULL, *lhost;
lhost = xstrdup(host);
lowercase(lhost);
+ if (cert)
+ fprintf(f, "%s ", CA_MARKER);
+
if (store_hash) {
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {...
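Review bot: The new `fprintf(f, "%s ", CA_MARKER);` sits ahead of the `store_hash` branch, so the marker is already in the file by the time `host_hash()` can return NULL. If that error path returns without writing the rest of the entry, known_hosts is left with a bare marker and no newline, and the next entry appended would be parsed as part of it. Suggest emitting the marker only once the host field is ready to be written, next to the code that writes the host string, and checking the `fprintf` return value so a short write is reflected in `success`.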
2020 Oct 04
3
UpdateHostkeys now enabled by default
...+449,9 @@ write_host_entry(FILE *f, const char *host, const char *ip,
> else
> error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
> fputc('\n', f);
> + /* If hashing is enabled, the IP address needs to go on its own line */
> + if (success && store_hash && ip != NULL)
> + success = write_host_entry(f, ip, NULL, key, 1);
> return success;
> }
>
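Review bot: In the block added before `return success;`, the assignment `success = write_host_entry(f, ip, NULL, key, 1);` replaces the result of the hostname line, so when the IP line fails the function returns 0 although the hostname entry and its newline are already in the file. Callers that treat 0 as "nothing written" would then be wrong; suggest either documenting that partial outcome in the comment or reporting the second write's failure separately. Passing `store_hash` rather than the literal `1` would also keep the recursive call tied to the condition that guards it.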
thanks for the patch, unfortunately it doesn't solve the issue. ssh is
still claiming that the ecdsa key present in known_hosts differs from
the ed25519 key.
And if I answer yes...