IETF-SSH archive


Re: Rekey issue



On Wed, 8 Jun 2016, Mouse wrote:

> I can see at least three ways of dealing with this: (1) when rekeying,
> always accept the host key regardless of what it is, (2) when
> rekeying, require that the host key be what it was the first time
> around, always accepting if it is and erroring if not, and (3) when
> rekeying, behave as normal except that a second copy of the host key
> from the first time around is, effectively, added as a trusted key for
> the host.

OpenSSH does:

(4) silently accept the hostkey if it is identical to the one used to
authenticate the previous KEX, search the known hostkeys otherwise and
if not found there then do whatever is configured for hitherto-unknown
hostkeys. This could be automatically accepting, prompting the user or
unconditionally rejecting the key.

-d
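The three-step decision described in reply (4), written out as a small model of the client-side check a rekey would run. This is an added illustration, not OpenSSH code: the host names, key blobs and the `UnknownKeyPolicy` names are constructed for the example, and the mapping of the three configured outcomes onto a policy enum is an assumption made here for clarity.

```python
import base64
import hashlib
import hmac
from enum import Enum


class UnknownKeyPolicy(Enum):
    """What to do with a host key that is neither the previous KEX key nor
    listed in known_hosts. Assumed names; they stand in for the three
    behaviours the reply lists (auto-accept, prompt, reject)."""
    ACCEPT = "accept"
    PROMPT = "prompt"
    REJECT = "reject"


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint in the base64 form commonly shown to users,
    with base64 padding stripped (32-byte digest -> 43 characters)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def rekey_hostkey_decision(previous_key: bytes, offered_key: bytes,
                           known_hosts: dict, host: str,
                           policy: UnknownKeyPolicy):
    """Decide how to treat the host key offered during a rekey.

    Returns (decision, reason), where decision is one of
    "accept", "prompt" or "reject".
    """
    # Step 1: the key that authenticated the previous KEX is accepted
    # silently. Constant-time compare so the check does not leak timing.
    if hmac.compare_digest(previous_key, offered_key):
        return "accept", "same key as previous KEX"

    # Step 2: otherwise search the known host keys for this host. A host
    # may legitimately have several keys (e.g. one per key type).
    if offered_key in known_hosts.get(host, set()):
        return "accept", "key found in known_hosts for " + host

    # Step 3: hitherto-unknown key: apply whatever is configured.
    return policy.value, "unknown key " + fingerprint(offered_key)


# Constructed sample data (not real keys): opaque blobs standing in for
# the wire-format public keys a server would present.
KEY_A = b"ssh-ed25519 constructed-key-A"
KEY_B = b"ssh-rsa constructed-key-B"
KEY_X = b"ssh-ed25519 constructed-key-X"

KNOWN_HOSTS = {
    "example.test": {KEY_A, KEY_B},
}


def demo():
    """Run the three cases the reply distinguishes and collect results."""
    results = {}
    # Same key as the previous KEX: accepted without consulting known_hosts.
    results["same"] = rekey_hostkey_decision(
        KEY_A, KEY_A, KNOWN_HOSTS, "example.test", UnknownKeyPolicy.REJECT)
    # Different key, but one already trusted for this host.
    results["known"] = rekey_hostkey_decision(
        KEY_A, KEY_B, KNOWN_HOSTS, "example.test", UnknownKeyPolicy.REJECT)
    # Unknown key: outcome depends purely on the configured policy.
    results["unknown_reject"] = rekey_hostkey_decision(
        KEY_A, KEY_X, KNOWN_HOSTS, "example.test", UnknownKeyPolicy.REJECT)
    results["unknown_prompt"] = rekey_hostkey_decision(
        KEY_A, KEY_X, KNOWN_HOSTS, "example.test", UnknownKeyPolicy.PROMPT)
    return results


if __name__ == "__main__":
    for case, (decision, reason) in demo().items():
        print(f"{case:15s} -> {decision:7s} ({reason})")
```

The point the model makes visible is that the rekey path never trusts a new key on the strength of the session alone: a key change mid-session is treated exactly like a first contact with that key, so the user's configured policy for unknown hosts decides whether the connection continues.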


