workarounds for Host param not canonicalizing?
From: Ryan Barrett (secureshell_at_ryanb.org)
Date: 05/20/05
- Previous message: daniel.engelsen_at_caremark.com: "RE: remote ssh for root"
- Next in thread: Alexander Klimov: "Re: workarounds for Host param not canonicalizing?"
- Reply: Alexander Klimov: "Re: workarounds for Host param not canonicalizing?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 May 2005 11:21:11 -0700 (PDT) To: secureshell@securityfocus.com
hi all. the Host parameter in ssh_config matches against the hostname
typed on the command line, as opposed to the canonicalized host name. this
is to prevent DNS spoofing attacks, which is a Good Thing...
...but it does hurt usability if you routinely ssh to lots of machines.
instead of "Host *.foo.com", you have to use "Host abc def ghi ...".
needless to say, this is error-prone and hard to maintain.
does anyone have any tips for handling this? (i use openssh versions 3.6
through 3.9, on linux and openbsd.) thanks in advance...
-Ryan
-- http://ryan.barrett.name/
- Previous message: daniel.engelsen_at_caremark.com: "RE: remote ssh for root"
- Next in thread: Alexander Klimov: "Re: workarounds for Host param not canonicalizing?"
- Reply: Alexander Klimov: "Re: workarounds for Host param not canonicalizing?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
