IETF-SSH archive


Re: "Host name" definition somewhere in the ID set?



Thierry Moreau <thierry.moreau%connotech.com@localhost> writes:

> My single concern is that "host name" is not defined anywhere in the
> SSH    Internet drafts. This definition would be by reference to
> another document, I guess.

Why do you think "host name" needs to be defined? For the "known-hosts
database", which associates keys to host names?

The known-hosts database is mostly an implementation issue. I think
it's best to associate keys with whatever name the user types on the
command line to connect to it.

I've considered if it might be better to use the dns name used to look
up the corresponding A/AAAA record, i.e. after processing of the
search directive in /etc/resolv.conf, and cname processing. But then
one might get fooled by a rogue dns or dhcp server, which defeats the
purpose of host authentication.

(I think openssh also records the ip address together with the host
keys, but I'm not sure how that information is used).

/Niels
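The lookup policy Niels describes (key the known-hosts entry on the string the user typed, never on what the resolver turned it into) is easy to get wrong in an implementation, so here is an added example that is not code from the original post or from OpenSSH: a small known_hosts parser and verifier that consults only the typed name, records an IP alongside a name the way the post says OpenSSH does, and also understands OpenSSH's hashed `|1|salt|hmac` entry form (the format is real; the parser is a simplified reimplementation). The known_hosts text, host names and key blobs below are constructed placeholders, not real hosts or keys.

```python
"""Minimal known_hosts lookup keyed on the name the user typed.

Added example, not code from the original post or from any SSH
implementation.  The known_hosts text and the key blobs below are
constructed placeholders, not real hosts or keys.
"""
import base64
import hashlib
import hmac
import re

# Placeholder key blobs (not valid SSH public keys, just distinct strings).
KEY_GIT_SHORT = "AAAAC3NzaC1lZDI1NTE5AAAAIKEYFORGITSHORTNAME"
KEY_GIT_FQDN = "AAAAC3NzaC1lZDI1NTE5AAAAIKEYFORGITFQDN"
KEY_BASTION = "AAAAB3NzaC1yc2EAAAADAQABAAABKEYFORBASTION"
KEY_HASHED = "AAAAC3NzaC1lZDI1NTE5AAAAIKEYFORHASHEDHOST"
KEY_OLD = "AAAAC3NzaC1lZDI1NTE5AAAAIOLDREVOKEDKEY"


def hashed_pattern(name: str, salt: bytes) -> str:
    """OpenSSH HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


# Constructed sample file: a short name, an FQDN with its IP recorded
# alongside it, a non-default port, a hashed name, and a revoked key.
KNOWN_HOSTS = "\n".join([
    "# comment lines and blanks are ignored",
    "git ssh-ed25519 " + KEY_GIT_SHORT,
    "git.example.com,10.0.0.5 ssh-ed25519 " + KEY_GIT_FQDN,
    "[bastion.example.com]:2222 ssh-rsa " + KEY_BASTION,
    hashed_pattern("hashed.example.com", b"0123456789abcdefghij")
    + " ssh-ed25519 " + KEY_HASHED,
    "@revoked git ssh-ed25519 " + KEY_OLD,
])


def parse_known_hosts(text: str):
    """Return (pattern, keytype, key, revoked) tuples; @cert-authority is skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        revoked = False
        if fields[0] == "@revoked":
            revoked, fields = True, fields[1:]
        elif fields[0].startswith("@"):      # other markers not handled here
            continue
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2], revoked))
    return entries


def _glob_match(pattern: str, target: str) -> bool:
    """Only '*' and '?' are wildcards, as in OpenSSH; '[' and ']' are literal."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, target) is not None


def pattern_matches(pattern: str, typed: str, port: int = 22) -> bool:
    """Match the typed name (using the [host]:port form for non-default ports)."""
    target = typed if port == 22 else "[%s]:%d" % (typed, port)
    if pattern.startswith("|1|"):
        _, _, b64salt, b64mac = pattern.split("|")
        salt, expected = base64.b64decode(b64salt), base64.b64decode(b64mac)
        actual = hmac.new(salt, target.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return any(_glob_match(p, target) for p in pattern.split(","))


def verify_host_key(entries, typed: str, keytype: str, key: str,
                    port: int = 22) -> str:
    """'ok', 'revoked', 'mismatch' (name known under another key, the MITM
    signal) or 'unknown'.  Only the typed name is consulted; whatever DNS
    resolved it to is deliberately not part of the lookup."""
    known = [e for e in entries if pattern_matches(e[0], typed, port)]
    if not known:
        return "unknown"
    hits = [e for e in known
            if e[1] == keytype and hmac.compare_digest(e[2].encode(), key.encode())]
    if any(e[3] for e in hits):
        return "revoked"
    return "ok" if hits else "mismatch"


if __name__ == "__main__":
    entries = parse_known_hosts(KNOWN_HOSTS)
    # "git" and "git.example.com" are separate entries even if the resolver's
    # search list would expand one into the other: the typed string decides.
    print(verify_host_key(entries, "git", "ssh-ed25519", KEY_GIT_SHORT))  # ok
    print(verify_host_key(entries, "git", "ssh-ed25519", KEY_GIT_FQDN))  # mismatch
    print(verify_host_key(entries, "10.0.0.5", "ssh-ed25519", KEY_GIT_FQDN))  # ok
    print(verify_host_key(entries, "bastion.example.com", "ssh-rsa", KEY_BASTION, 2222))  # ok
    print(verify_host_key(entries, "hashed.example.com", "ssh-ed25519", KEY_HASHED))  # ok
    print(verify_host_key(entries, "git", "ssh-ed25519", KEY_OLD))  # revoked
```

Because the lookup never consults the resolved address or CNAME target, a rogue DNS or DHCP server that redirects "git" to another host cannot also steer the client toward a different trusted key: the client still compares against the key it stored for the literal string "git", and a different key is reported as a mismatch rather than silently accepted.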


