Displaying 3 results from an estimated 3 matches for "write_host_entry".
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote:
> On Sun, 4 Oct 2020, Damien Miller wrote:
>
> > No - I think you've stumbled on a corner case I hadn't anticipated.
> > Does your configuration override CheckHostIP at all?
No.
> >
> > What are the known_hosts entries for the hostname and IP?
>
> Also, do you use HashKnownHosts? or do
2020 Oct 04
3
UpdateHostkeys now enabled by default
...ing piece of the puzzle. Can you
> please try this diff? It lets UpdateKnownHosts store entries for
> the IP address as well as the hostname.
>
> diff --git a/hostfile.c b/hostfile.c
> index 3dc9809..9ec9afa 100644
> --- a/hostfile.c
> +++ b/hostfile.c
> @@ -449,6 +449,9 @@ write_host_entry(FILE *f, const char *host, const char *ip,
> else
> error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
> fputc('\n', f);
> + /* If hashing is enabled, the IP address needs to go on its own line */
> + if (success && store_hash && ip !...
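Review bot: the comment above the new `if (success && store_hash && ip !...` branch says the IP address needs its own line when hashing is enabled, but not why. Extend the comment to state that a hashed host field covers a single name, so the address cannot share the hostname's line the way it does in unhashed output; a later reader comparing the two formats then knows the extra line is intentional.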
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...9 +++++++--
sshconnect.c | 30 +++++++++++++++++++++++-------
sshkey.c | 6 ++++++
sshkey.h | 1 +
4 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/hostfile.c b/hostfile.c
index c5669c703..462ed8357 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -437,12 +437,15 @@ static int
write_host_entry(FILE *f, const char *host, const char *ip,
const struct sshkey *key, int store_hash)
{
- int r, success = 0;
+ int r, success = 0, cert = sshkey_is_cert(key);
char *hashed_host = NULL, *lhost;
lhost = xstrdup(host);
lowercase(lhost);
+ if (cert)
+ fprintf(f, "%s ", CA_MAR...
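Review bot: in write_host_entry(), `if (cert) fprintf(f, "%s ", CA_MAR...` writes the marker straight after `lowercase(lhost)`, while `success` is still 0, and ignores the return value of fprintf. If any later step in the function fails, the file keeps a marker with no host or key after it. Emit the marker in the same call that writes the host field, so that a line is either written whole or not started.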