Displaying 20 results from an estimated 30000 matches similar to: "[Feature Request] Add (and check against) IP to known_hosts even when domain is used to connect"
2005 Dec 10
2
known_hosts and multiple hosts through a NAT router
The .ssh/known_hosts table cannot handle reaching different sshd
servers behind a NAT router. The machines are selected by having
the SSHDs respond to different ports.
A second request would be to allow known_hosts checking solely on
the dns name, wildcarding the IP address. This would be useful
to avoid continuously warning the user every time you connect
to a machine with a changing IP address
2004 Sep 10
11
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
mindrot at askneil.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mindrot at askneil.com
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> On 18/8/23 15:39, Darren Tucker wrote:
[...]
> > I think you just need "HostKeyAlias mytarget" here.
>
> Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
> change logs seem to indicate this feature has been around since at least
> 2017, so should not cause
2002 Feb 01
4
OpenSSH Key Storage
I have had a brief discussion with Damien Miller (below) about storing
host port values in the known_hosts file so as to track multiple ssh
sessions (with independent keys) that run on a single host but accept
connections on different ports. If it were possible to state that a
given key for a remote host belonged to that host's ssh session on port
23 and that another key belonged to that
2020 Sep 30
3
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
[...]
> I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if
> servers are DHCP distributed without static IP addresses they can wind
> up overlapping IP addresses with mismatched hostkeys
You can set CheckHostIP=no in your config. As long as the names don't
change it'll do what you
2002 Sep 10
8
[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
http://bugzilla.mindrot.org/show_bug.cgi?id=393
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From markus at openbsd.org 2002-09-11
2003 Dec 18
2
known_hosts, IP, and port revisited
I dug through the list archives to see if this had come up before, and I
see that a bug <http://bugzilla.mindrot.org/show_bug.cgi?id=393> was
submitted and subsequently closed (basically rejected) in 2002.
The basic issue, for those of you who don't feel like following the bug
URL, is that when one has ssh servers behind a NAT, each of which responds
to a different port on the NAT IP,
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 15:39, Darren Tucker wrote:
>> Host mytarget
>> Hostname 172.16.1.2
>> ProxyJump user2 at bastion2
> I think you just need "HostKeyAlias mytarget" here.
Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
change logs seem to indicate this feature has been around since at least
2017, so should not cause
2005 Apr 21
11
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |foomzilla at fuhm.net
------- Additional Comments From djm at mindrot.org 2005-04-21 18:16 -------
*** Bug 454 has been marked as a
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
[...]
> The crux of this is that we cannot assume the local IPv4 address is
> unique, since it's not (and in many cases, not even static).
If the IP address is not significant, you can tell ssh to not record
them ("CheckHostIP no").
[...]
> Host mytarget
> Hostname 172.16.1.2
2015 Feb 22
3
PKI host based principal
Hello,
Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong.
For example, I have multiple hosts that all serve as monitoring
server, I would like to trust only these hosts, so I enrol a
certificate for these using "monitoring" principal, so I can connect
only to these.
At first I thought we can do Match statement at ssh_config, however,
the Match is being
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2005 May 12
6
[Bug 1039] Incomplete application of HostKeyAlias in ssh
http://bugzilla.mindrot.org/show_bug.cgi?id=1039
Summary: Incomplete application of HostKeyAlias in ssh
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: cdmclain
2020 Oct 30
3
[Bug 3226] New: Feature request: Prempt fingerprint prompt when connecting to new server
https://bugzilla.mindrot.org/show_bug.cgi?id=3226
Bug ID: 3226
Summary: Feature request: Prempt fingerprint prompt when
connecting to new server
Product: Portable OpenSSH
Version: 8.4p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2006 May 06
1
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #954 is|0 |1
obsolete| |
Attachment #1052 is|0 |1
obsolete|
2006 Jun 19
3
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ildefonso_camargo at yahoo.com
------- Comment #42 from dtucker at zip.com.au 2006-06-20 09:32 -------
*** Bug 1198 has been marked
2018 Apr 21
4
build-issue on AIX with openssh-7.7p1 - easy correction! included
Get the following error:
root at x065:[/data/prj/openbsd/openssh/openssh-7.7p1/openbsd-compat]make
        xlc_r -I/opt/include -O2 -qmaxmem=-1 -qarch=pwr5 -q64 -I. -I..
-I../../src/openssh-7.7p1/openbsd-compat
-I../../src/openssh-7.7p1/openbsd-compat/.. -I/opt/include
-DHAVE_CONFIG_H -c ../../src/openssh-7.7p1/openbsd-compat/strndup.c
2001 Aug 28
2
[patch] known hosts with ports
Hello. We are currently installing a new firewall, and would like to use a
mixture of NAT and port mapping to have a single "gateway" host address
which exposes a range of open ports, each of which maps to sshd of a
different host in our internal network (e.g. ssh.jesus.cam.ac.uk on port
6789 maps to internal host1 port 22 whereas ssh.jesus.cam.ac.uk on port 6790
maps to internal
2002 Apr 10
2
I need to be able to turn off host checking entirely
I have a small LAN. The entire system is within my view - all the
hosts, the switch and the wire. If someone is in a position to do a
"man in the middle" attack, there's no need - they already have me.
Over the other side of the room, and beside my desk, I have test
systems. I use disk caddies (see www.vipower.com for examples) and can
switch operating systems in about the