IETF-SSH archive


Re: Rekey issue



>> I can see at least three ways of dealing with this: (1) [...], (2)
>> [...], and (3) when rekeying, behave as normal except that a second
>> copy of the host key from the first time around is, effectively,
>> added as a trusted key for the host.

> OpenSSH does:

> (4) silently accept the hostkey if it is identical to the one used to
> authenticate the previous KEX, search the known hostkeys otherwise and
> if not found there then do whatever is configured for hitherto-unknown
> hostkeys.

I must be missing something.  To me, this sounds like (3).  What's the
difference?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
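
The two rekey behaviours quoted above, written out as decision functions. This is an added example, not part of the original message and not OpenSSH code; the function names, the `Decision` type and the key blobs are assumptions made for illustration. It models only the accept-or-fall-through decision as the two descriptions are worded, not prompts, logging or other side effects.

```python
import hmac
from enum import Enum


class Decision(Enum):
    ACCEPT = "accept"
    UNKNOWN_KEY_POLICY = "apply configured policy for unknown host keys"


def same_key(a: bytes, b: bytes) -> bool:
    # Compare the full public-key blobs, never just key type or length.
    return hmac.compare_digest(a, b)


def rekey_option_3(offered, session_key, known_keys):
    """(3): normal lookup, with the first KEX's host key added as trusted."""
    trusted = list(known_keys) + [session_key]
    if any(same_key(offered, k) for k in trusted):
        return Decision.ACCEPT
    return Decision.UNKNOWN_KEY_POLICY


def rekey_option_4(offered, session_key, known_keys):
    """(4): previous KEX key first, then known host keys, then policy."""
    if same_key(offered, session_key):
        return Decision.ACCEPT  # the "silently accept" branch
    if any(same_key(offered, k) for k in known_keys):
        return Decision.ACCEPT
    return Decision.UNKNOWN_KEY_POLICY


# Constructed placeholder blobs, not real host keys.
KEY_A, KEY_B, KEY_C = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"

# name -> (key offered at rekey, key from the first KEX, stored known keys)
CASES = {
    "same key, never stored": (KEY_A, KEY_A, []),
    "different key, stored": (KEY_B, KEY_A, [KEY_B]),
    "different key, not stored": (KEY_C, KEY_A, [KEY_B]),
}


def run_cases():
    # Returns name -> (decision under (3), decision under (4)).
    return {n: (rekey_option_3(*c), rekey_option_4(*c)) for n, c in CASES.items()}


if __name__ == "__main__":
    for name, (d3, d4) in run_cases().items():
        print(f"{name}: (3)={d3.name} (4)={d4.name}")
```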


