IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Rekey issue
On Wed, 8 Jun 2016, Mouse wrote:
> I can see at least three ways of dealing with this: (1) when rekeying,
> always accept the host key regardless of what it is, (2) when
> rekeying, require that the host key be what it was the first time
> around, always accepting if it is and erroring if not, and (3) when
> rekeying, behave as normal except that a second copy of the host key
> from the first time around is, effectively, added as a trusted key for
> the host.
OpenSSH does:
(4) silently accept the hostkey if it is identical to the one used to
authenticte the previous KEX, search the known hostkeys otherwise and
if not found there then do whatever is configured for hiterto-unknown
hostkeys. This could be automatically accepting, prompting the user or
unconditionally rejecting the key.
-d
Home |
Main Index |
Thread Index |
Old Index