Re: openssh known_hosts question
- From: Chuck <skilover_nospam@xxxxxxxxxxxxxx>
- Date: Wed, 21 Jun 2006 13:51:19 GMT
Richard E. Silverman wrote:
> "Chuck" == Chuck <skilover_nospam@xxxxxxxxxxxxxx> writes:
>
> Chuck> How does openssh know whether you've accepted a server's key
> Chuck> before so as not to ask the next time 'round?
>
> Chuck> I ran an ssh-keyscan against all servers in my known_hosts
> Chuck> file, redirected the output to a new file and compared the
> Chuck> two files. They were the same, so obviously it's not there. So
> Chuck> where does it store that info?
>
> If you accept a key yourself as part of an SSH session, it's stored in
> ~/.ssh/known_hosts. There is also a per-machine file,
> /etc/ssh_known_hosts.
>
> Note that OpenSSH does not canonicalize names; it matches what you type on
> the command line verbatim against the keys in the known_hosts file (aside
> from the use of patterns in that file). So if you have an entry:
>
> foo.bar.com ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
>
> and you type "ssh foo", they will not match. You can edit thus:
>
> foo.bar.com,foo ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
>
> ... to fix this. Or, you can use Kerberos, which does canonicalize
> names.
Thanks Richard. That's probably what happened. Is there a way to tell
ssh-keyscan to include the hostname, FQDN, and IP address all in the
first field?
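To illustrate the matching rule Richard describes (the typed host name is compared verbatim, case-insensitively, against each comma-separated pattern in the first field, with `*`/`?` wildcards and `!` negation), here is a small known_hosts matcher added as an example; it is not OpenSSH code or part of the original thread. The file contents, the alias `foo`, the address 192.0.2.10 and the `*.example.net` entry are constructed, and the key material is a placeholder.

```python
# Constructed sample known_hosts (placeholder keys): the reply's FQDN-only
# entry, the same host with "foo" and an IP added as aliases, and a
# wildcard entry with one negated host.
SAMPLE_KNOWN_HOSTS = """\
# comment line
foo.bar.com ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
foo.bar.com,foo,192.0.2.10 ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
*.example.net,!bad.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...
"""

def glob_match(pat: str, s: str) -> bool:
    """OpenSSH-style pattern: '*' matches any run of characters (dots
    included), '?' matches exactly one character, everything else is literal."""
    if not pat:
        return not s
    if pat[0] == "*":
        return any(glob_match(pat[1:], s[i:]) for i in range(len(s) + 1))
    return bool(s) and pat[0] in ("?", s[0]) and glob_match(pat[1:], s[1:])

def host_matches(pattern_list: str, host: str) -> bool:
    """Apply the host-field rule: split on commas, compare case-insensitively,
    and let a matching '!pattern' reject the whole entry. No DNS lookup is
    done, which is why 'foo' does not match an entry that only says
    'foo.bar.com'."""
    host = host.lower()
    matched = False
    for pat in pattern_list.lower().split(","):
        if not pat:
            continue
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if glob_match(pat, host):
            if negated:
                return False
            matched = True
    return matched

def lookup(known_hosts: str, host: str) -> list[tuple[str, str]]:
    """Return (keytype, key) for every non-comment entry whose host field
    matches `host` exactly as the user typed it."""
    hits = []
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue          # malformed line: skip rather than guess
        hosts, keytype, key = fields
        if host_matches(hosts, host):
            hits.append((keytype, key))
    return hits
```

The `[host]:port` form for non-standard ports and hashed host fields are not handled here. On the keyscan side, ssh-keyscan(1) accepts "addrlist namelist" pairs from a file given with -f, where the first address is contacted and the full namelist becomes the host field, so a scan can emit an entry that already carries the FQDN, short name and IP.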