Re: SSH with a central host list?

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 01/17/05

  • Next message: Wilson, Richard E: "RE: SSH with a central host list?"
    Date: Mon, 17 Jan 2005 16:59:12 +1100
    To: John Horne <John.Horne@plymouth.ac.uk>
    
    

    John Horne wrote:
    > I have been asked to see if there is a secure shell client, be it open
    > source, shareware, commercial or whatever, that supports some form of
    > 'central host list'. Ideally this would be just a text list of DNS names
    > held on a central file store. That way the team only has to update one
    > list and the change is then immediately accessible to all team members.

    OpenSSH supports looking up host key fingerprints in DNS itself. Take a
    look at README.dns in the source distribution and/or the draft spec at
    http://www.ietf.org/internet-drafts/draft-ietf-secsh-dns-05.txt

    I don't know if any other implementations support it.

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    

  • Next message: Wilson, Richard E: "RE: SSH with a central host list?"

    Relevant Pages

    • Re: SSH with a central host list?
      ... > I have been asked to see if there is a secure shell client, ... > source, shareware, commercial or whatever, that supports some form of ... > list and the change is then immediately accessible to all team members. ... Set up a DNS server. ...
      (SSH)
    • Re: Sky BB, first day report
      ... judgement. ... while earlier today - I suspect their DNS ... Install it and forget it. ...
      (uk.telecom.broadband)
    • Re: X.509 and ssh
      ... It needs a secure ... DT> DNS to be useful, and only helps with known hosts, though. ... Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: X.509 and ssh
      ... as alternatives to static known hosts files] ... SSH fingerprints via DNS, RFC4255. ... It needs a secure DNS to be useful, ... Good judgement comes with experience. ...
      (comp.security.ssh)