On Thu, 27 Mar 2008 22:13:04 -0000, "Mathias Gug" <[EMAIL PROTECTED]> said:
> On Thu, Mar 27, 2008 at 07:23:56PM -0000, era wrote:
> > + It's a usability problem that openssh-client behaves differently
> > the first time you connect to a host, particularly if you hop
> > between client machines all the time and might or might not have
> > connected from that particular client before. It would be an
> > improvement if it would just silently add new hosts without
> > asking. (I don't understand why it has to ask, anyway.)
>
> Keeping track of host fingerprints is one of the most important
> components of the ssh architecture and is paramount in making sure the
> ssh environment is secured.

Oh, I quite agree. That's why I think the default should be to simply
add keys as they are encountered, without asking.

Perhaps my imagination is too limited, but I fail to come up with a
common scenario where a regular user would seriously think about this
question, let alone come up with a reason to not want to add a host key.
(Maybe for localhost when you have a tunnel in place and really are
connecting elsewhere; that would make sense. But then a newbie would not
be able to predict the problem, and so would probably accept a key for
localhost by routine as well.)

> If you *really* want to disable the messages, you should look into
> using the StrictHostKeyChecking option. Before doing so, make sure you
> fully understand the roles of fingerprints and public keys in an ssh
> infrastructure.

The wishlist bug really asks for a facility for disabling the question
without turning off strict checking. You should be able to enable
strict checking and still have keys silently added.

> status wontfix

Please reconsider this. I think my request has some merit.

/* era */

--
If this were a real .signature, it would suck less. Well, maybe not.

--
Wishlist: add new host keys to known_hosts without asking
https://bugs.launchpad.net/bugs/207686
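
The behaviour requested in this thread (add unseen keys silently, still refuse changed keys) is what later OpenSSH releases (7.6 and newer) provide as `StrictHostKeyChecking accept-new`. The following is an added example, not part of the original message and not OpenSSH code: a simplified Python model of how each StrictHostKeyChecking mode treats an unseen versus a changed host key. The function names and sample known_hosts data are constructed for illustration, and only plain (unhashed) entries are handled.

```python
# Simplified model of ssh(1) host-key decisions; not OpenSSH source code.
# Handles plain known_hosts lines only: "host[,host...] keytype base64key".

# Constructed sample data: the key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
# constructed example file
build.example.org,192.0.2.10 ssh-ed25519 AAAAC3placeholderKeyA
"""

def parse_known_hosts(text):
    """Return {hostname: set of (keytype, key)} for plain entries."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # skip comments and @cert-authority/@revoked markers
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        hosts, keytype, key = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            table.setdefault(host, set()).add((keytype, key))
    return table

def decide(table, host, keytype, key, mode, user_confirms=False):
    """Return (action, add_to_known_hosts) for one connection attempt."""
    known = table.get(host, set())
    if (keytype, key) in known:
        return ("connect", False)  # key matches the record
    if any(t == keytype for t, _ in known):
        # A different key of this type is on record: the host key changed.
        if mode in ("no", "off"):
            return ("connect-restricted", False)  # proceeds with restrictions
        return ("refuse", False)  # yes, ask and accept-new all refuse
    # No key of this type recorded for the host: it is new.
    if mode in ("accept-new", "no", "off"):
        return ("connect", True)  # added silently
    if mode == "ask":
        return ("connect", True) if user_confirms else ("refuse", False)
    return ("refuse", False)  # mode "yes": never adds keys automatically
```

Only `no`/`off` lets a connection proceed when the recorded key has changed; `accept-new` differs from `yes` solely in how it treats hosts that are not yet in known_hosts.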