Re: openssh known_hosts question



"Chuck" == Chuck <skilover_nospam@xxxxxxxxxxxxxx> writes:

Chuck> Richard E. Silverman wrote:
>>>>>>> "Chuck" == Chuck <skilover_nospam@xxxxxxxxxxxxxx> writes:
>>
Chuck> How does openssh know whether you've accepted a server's key
Chuck> before so as not to ask the next time 'round?
>>
Chuck> I ran an ssh-keyscan against all servers in my known_hosts
Chuck> file, redirected the output to a new file and compared the
Chuck> two files. They were the same so obviously it's not there. So
Chuck> where does it store that info?
>> If you accept a key yourself as part of an SSH session, it's
>> stored in ~/.ssh/known_hosts. There is also a per-machine file,
>> /etc/ssh_known_hosts.
>>
>> Note that OpenSSH does not canonicalize names; it matches what you
>> type on the command line verbatim against the keys in the
>> known_hosts file (aside from the use of patterns in that file). So
>> if you have an entry:
>>
>> foo.bar.com ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
>>
>> and you type "ssh foo", they will not match. You can edit thus:
>>
>> foo.bar.com,foo ssh-rsa AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSA...
>>
>> ... to fix this. Or, you can use Kerberos, which does canonicalize
>> names.
>>

Chuck> Thanks Richard. That's probably what happened. Is there a way
Chuck> to tell ssh-keyscan to include the hostname, FQDN, and IP
Chuck> address all in the first field?

ssh-keyscan -t rsa foo,foo.bar.com,10.1.2.3
# foo SSH-2.0-OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-7
foo,foo.bar.com,10.1.2.3 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw00dWgXpeCpGfpPSJ8/xlfgSIINB8u1p3l65ck/solAECGxixh/yCBLRk8FL4Zsed8qAsI/YRaFPY3iZflrTZl9dtDAglL1QK2chi/HFQ1AqSlZrmfzaYV3dimEwWMm3jTcgb6Hnf3Ze1llilQHUFsEZ32gwQpt0G4WyYtiQfJ0=


--
Richard Silverman
res@xxxxxxxx
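
Added example (not part of the original posts and not OpenSSH's own code): a small Python model of the verbatim known_hosts matching described in the thread, showing why "ssh foo" misses an entry listed only as foo.bar.com and why the comma-separated form fixes it. It goes beyond the thread by also handling '!' negation and hashed (HashKnownHosts) entries. The function names, salt and key blobs are constructed for illustration; marker lines and [host]:port entries are skipped.

```python
import base64, hashlib, hmac, re

def hash_host(host, salt):
    # HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def pattern_match(pattern, host):
    # Only '*' and '?' are wildcards; everything else is literal.
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def host_field_matches(field, host):
    host = host.lower()  # the typed name is compared as-is, with no DNS lookup
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    matched = False
    for pat in field.split(","):
        if pat.startswith("!"):
            if pattern_match(pat[1:], host):
                return False          # a negated pattern vetoes the whole line
        elif pattern_match(pat, host):
            matched = True
    return matched

def lookup(known_hosts_text, typed_name):
    """Return (keytype, key) for every line whose host field matches typed_name."""
    hits = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_field_matches(parts[0], typed_name):
            hits.append((parts[1], parts[2]))
    return hits

# Constructed sample files; the key blobs are placeholders, not real keys.
BEFORE = (
    "foo.bar.com ssh-rsa PLACEHOLDERKEY1\n"
    "web*.bar.com,!web9.bar.com ssh-rsa PLACEHOLDERKEY2\n"
    + hash_host("db.bar.com", b"constructed-salt-20b") + " ssh-rsa PLACEHOLDERKEY3\n"
)
AFTER = BEFORE.replace("foo.bar.com ", "foo,foo.bar.com,10.1.2.3 ", 1)

if __name__ == "__main__":
    for name in ("foo", "foo.bar.com", "10.1.2.3", "web1.bar.com", "web9.bar.com", "db"):
        print(name, bool(lookup(BEFORE, name)), bool(lookup(AFTER, name)))
```

A hashed entry cannot be given extra aliases by editing its first field in place; each name needs its own hashed line.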
