https://bugzilla.mindrot.org/show_bug.cgi?id=3377

            Bug ID: 3377
           Summary: improve GlobalKnownHostsFile and UserKnownHostsFile
                    (wildcards + multiple specifications)
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

Hey.

The following features would be quite nice IMO:

1) Allowing to specify directories or better wildcards for
GlobalKnownHostsFile and UserKnownHostsFile.
The idea would be especially to have something like:
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts,
/etc/ssh/ssh_known_hosts2, /etc/ssh/ssh_known_hosts.d/*.known_hosts as
default.
Distros could then ship those directories and packages could place their
known hosts into them.
E.g. one could then have distro-supplied packages with the public
keys of well-known services like GitHub/GitLab/etc.

That would be a good alternative for people who don't like/trust
the mechanisms of distributing the keys via DNS or the like.


2) Less important, but possibly still nice would be if one could
specify GlobalKnownHostsFile and UserKnownHostsFile multiple times and the
effect being cumulative.
Perhaps one could also make a special syntax that allows
adding/removing from the list like:
GlobalKnownHostsFile = foo
or
GlobalKnownHostsFile foo
=> resets the list to just foo

GlobalKnownHostsFile + bar
=> adds bar

GlobalKnownHostsFile - baz
=> removes baz


Thanks,
Chris.
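
The two requests above, modelled together as an added illustration (not part of the original report and not OpenSSH code): wildcard expansion plus the proposed `=`, `+` and `-` forms applied in order. The function names, the sample tree and the rule that skips group- or world-writable drop-in files are assumptions made for this sketch.

```python
import glob
import os
import stat
import tempfile

def safe_dropin(path):
    # Assumption (not in the proposal): regular file, not group/world-writable.
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)

def resolve_known_hosts(directives, root="/"):
    """Apply the '=', '+' and '-' forms in order; return the resulting file list."""
    files = []
    for line in directives:
        keyword, _, arg = line.strip().partition(" ")
        if keyword.lower() != "globalknownhostsfile":
            continue
        op, arg = "=", arg.strip()
        if arg[:2] in ("= ", "+ ", "- "):
            op, arg = arg[0], arg[2:]
        matched = []
        for pattern in arg.replace(",", " ").split():
            full = os.path.join(root, pattern.lstrip("/"))
            if any(c in pattern for c in "*?["):
                matched += [p for p in sorted(glob.glob(full)) if safe_dropin(p)]
            else:
                matched.append(full)  # plain paths are kept even if missing
        if op == "=":
            files = matched
        elif op == "+":
            files += [p for p in matched if p not in files]
        else:
            files = [p for p in files if p not in matched]
    return files

def demo():
    # Constructed sample tree and directives; paths are returned relative to it.
    with tempfile.TemporaryDirectory() as root:
        dropins = os.path.join(root, "etc/ssh/ssh_known_hosts.d")
        os.makedirs(dropins)
        for name, mode in [("github.known_hosts", 0o644), ("gitlab.known_hosts", 0o644),
                           ("loose.known_hosts", 0o666)]:
            path = os.path.join(dropins, name)
            open(path, "w").close()
            os.chmod(path, mode)
        conf = ["GlobalKnownHostsFile /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2,"
                " /etc/ssh/ssh_known_hosts.d/*.known_hosts",
                "GlobalKnownHostsFile + /etc/ssh/extra_hosts",
                "GlobalKnownHostsFile - /etc/ssh/ssh_known_hosts2"]
        return [os.path.relpath(p, root) for p in resolve_known_hosts(conf, root)]
```

Calling `demo()` shows the world-writable `loose.known_hosts` dropped from the wildcard match and `ssh_known_hosts2` removed by the `-` form.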
