To me, this also sounds like (3). I also agree with this option.
>> I can see at least three ways of dealing with this: (1) [...], (2)
>> [...], and (3) when rekeying, behave as normal except that a second
>> copy of the host key from the first time around is, effectively,
>> added as a trusted key for the host.

> OpenSSH does:
> (4) silently accept the hostkey if it is identical to the one used to
> authenticate the previous KEX, search the known hostkeys otherwise and
> if not found there then do whatever is configured for hitherto-unknown
> hostkeys.

I must be missing something. To me, this sounds like (3). What's the
difference?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
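
As an added example (not part of the thread and not OpenSSH code), the following Python models the quoted wording of options (3) and (4) across a whole session with several key exchanges. It assumes constructed key labels, an unknown-key policy that always lets the session continue, and that a key accepted by that policy is not written to the known host keys; the function names are hypothetical.

```python
# Added example: models the quoted wording of options (3) and (4); not OpenSSH code.
# Assumption: a key accepted by the unknown-key policy is NOT saved to known hosts.

def check_option3(presented, first_key, known):
    """(3): the host key from the first KEX counts as an extra trusted key."""
    trusted = set(known)
    if first_key is not None:
        trusted.add(first_key)
    return "silent" if presented in trusted else "policy"

def check_option4(presented, previous_key, known):
    """(4): accept if identical to the key that authenticated the previous KEX,
    otherwise search the known host keys, otherwise apply the unknown-key policy."""
    if previous_key is not None and presented == previous_key:
        return "silent"
    if presented in known:
        return "silent"
    return "policy"

def run_session(presented_keys, known, option):
    """Per KEX, report whether the key was accepted silently or sent to policy."""
    first_key = previous_key = None
    outcomes = []
    for key in presented_keys:
        if option == 3:
            outcomes.append(check_option3(key, first_key, known))
        else:
            outcomes.append(check_option4(key, previous_key, known))
        if first_key is None:
            first_key = key      # (3) remembers the first key of the session
        previous_key = key       # (4) remembers the most recent key
    return outcomes

if __name__ == "__main__":
    # Constructed key labels, not real fingerprints.
    cases = [(["A", "A"], {"A"}), (["A", "A"], set()),
             (["A", "B", "A"], set()), (["A", "B", "B"], set())]
    for keys, known in cases:
        print(keys, sorted(known),
              run_session(keys, known, 3), run_session(keys, known, 4))
```

In this model the two readings give the same result whenever the host presents one key for the whole session; they diverge only when the key changes between rekeys, because (3) remembers the first key and (4) remembers the most recent one.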