IETF-SSH archive


Re: Rekey issue



To me, this also sounds like (3). I also agree with this option.
 
 
From: Mouse
Sent: Monday, June 13, 2016 18:35
Subject: Re: Rekey issue
 
>> I can see at least three ways of dealing with this: (1) [...], (2)
>> [...], and (3) when rekeying, behave as normal except that a second
>> copy of the host key from the first time around is, effectively,
>> added as a trusted key for the host.

> OpenSSH does:

> (4) silently accept the hostkey if it is identical to the one used to
> authenticate the previous KEX, search the known hostkeys otherwise and
> if not found there then do whatever is configured for hitherto-unknown
> hostkeys.

I must be missing something.  To me, this sounds like (3).  What's the
difference?

/~\ The ASCII   Mouse
\ / Ribbon Campaign
X  Against HTML mouse%rodents-montreal.org@localhost
/ \ Email!      7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

