[Bug 2602] (Feature request) Verify host using key in destination user account
https://bugzilla.mindrot.org/show_bug.cgi?id=2602

Damien Miller <djm@mindrot.org> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Resolution |---     |WONTFIX
Status     |NEW     |RESOLVED
CC         |        |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
This isn't possible without breaking the guarantees that host key
checking is supposed to provide.

For the behaviour that you want, ssh would have to ignore a host key
verification failure at connection time, proceed with authentication
and fetch (presumably using sftp) the host key from the target system.
This is a substantial amount of work but, worse, it would require ssh
to complete authentication to a system that it does not trust.

Completing authentication means sending user credentials to the remote
server. This would allow phishing or connection spoofing by hostile
servers.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
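
Added example, not part of the bug thread and not OpenSSH code: a minimal client-side model of the ordering Comment #1 describes, where a host key mismatch aborts the connection before the credential step is ever reached. All function names, the host `example.test` and the key blobs are constructed for illustration.

```python
# Illustrative model only; names are hypothetical, not OpenSSH internals.
import base64
import hashlib
import hmac

class HostKeyVerificationFailed(Exception):
    """Raised before any user credential is sent."""

def fingerprint(blob):
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    # Plain "host[,host...] keytype base64key [comment]" lines only; marker
    # (@revoked, @cert-authority) and hashed (|1|...) entries are skipped.
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            known.setdefault(host, []).append((fields[1], base64.b64decode(fields[2])))
    return known

def connect(host, key_type, key_blob, known, authenticate):
    # Step 1: the presented host key must match a pinned key for this host.
    pinned = known.get(host, [])
    if not any(t == key_type and hmac.compare_digest(b, key_blob) for t, b in pinned):
        raise HostKeyVerificationFailed(f"{host}: untrusted key {fingerprint(key_blob)}")
    # Step 2: only now may credentials leave the client.
    return authenticate(host)

# Constructed sample data: opaque stand-ins, not real SSH key blobs.
GOOD_KEY = b"constructed-host-key-for-example-host"
SPOOF_KEY = b"constructed-key-of-a-spoofing-server"
KNOWN_HOSTS = ("# constructed known_hosts\nexample.test,192.0.2.10 ssh-ed25519 "
               + base64.b64encode(GOOD_KEY).decode() + " pinned\n")

def demo():
    known = parse_known_hosts(KNOWN_HOSTS)
    sent = []  # hosts that received credentials
    send = lambda h: sent.append(h) or "authenticated"
    ok = connect("example.test", "ssh-ed25519", GOOD_KEY, known, send)
    try:
        connect("example.test", "ssh-ed25519", SPOOF_KEY, known, send)
    except HostKeyVerificationFailed as err:
        return ok, str(err), sent
    return ok, None, sent
```

`demo()` returns the list of hosts that received credentials; the server presenting the unpinned key never appears in it a second time.
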
[Bug 2602] (Feature request) Verify host using key in destination user account
https://bugzilla.mindrot.org/show_bug.cgi?id=2602

--- Comment #2 from Eric Postpischil <bugzilla.mindrot.org@edp.org> ---
The second paragraph in the preceding comment contemplates an
implementation in which the ssh client does the work of retrieving the
key and verifying it. That is not necessary. When initially contacting
the server, the client would supply the name of a user on the server
system. The ssh server would read a key from that user’s files and use
it in the normal authentication process instead of the usual system
host key.
