https://bugzilla.mindrot.org/show_bug.cgi?id=2673
Darren Tucker <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Darren Tucker <[email protected]> ---
(In reply to George Shuklin from comment #0)
[...]
> 1) server booting from golden image. Golden image has 'built-in'
> host ssh key which is changed after system configuration management
> application set up proper ssh key for server.

The down side is that anyone with access to the golden image could MITM
connections.

> 2) server may reboot between two different operating systems, each
> using own host ssh key.

Copy one set of host keys and use it on both OSes.

> 3) DynDNS-related shuffling between few servers (at given time
> server is occupying one of the few known IPs, and is causing false
> alerts if that IP was known to be used by previous server).

Use CheckHostIP=no in the config for such hosts.

[...]
> Proposition: permit multiple host keys for a given server name
> and/or IP address.

Anyway, that's already possible but for different host key types. You
could set HostKeyAlgorithms=ssh-rsa for one host and
HostKeyAlgorithms=ssh-ed25519 on the other.

I think having multiple keys of the same type valid for one host is a
risk, though.
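An added example, not part of the original message and not OpenSSH code: a small audit script that lists every host name in a known_hosts file that has more than one distinct key of the same type, the condition the comment above calls a risk. The host names and file content are constructed, and the key blobs are placeholders rather than real keys.

```python
from collections import defaultdict

# Constructed sample known_hosts content; key blobs are placeholders, not real keys.
SAMPLE = """\
# golden-image key followed by the key installed by configuration management
web1.example.org,192.0.2.10 ssh-ed25519 AAAAC3Nza_GOLDEN_PLACEHOLDER
web1.example.org ssh-ed25519 AAAAC3Nza_MANAGED_PLACEHOLDER
web1.example.org ssh-rsa AAAAB3Nza_RSA_PLACEHOLDER
dualboot.example.org ssh-ed25519 AAAAC3Nza_OS_A_PLACEHOLDER
dualboot.example.org ssh-rsa AAAAB3Nza_OS_B_PLACEHOLDER
@revoked web1.example.org ssh-ed25519 AAAAC3Nza_OLD_PLACEHOLDER
@cert-authority *.example.org ssh-ed25519 AAAAC3Nza_CA_PLACEHOLDER
"""


def same_type_duplicates(text):
    """Return {(host, keytype): sorted key blobs} for every host name that
    has more than one distinct plain host key of a single key type."""
    keys = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked lines are not plain host keys
        if len(fields) < 3:
            continue  # malformed line: needs hosts, key type, key blob
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        # One line may name several hosts or addresses, separated by commas.
        # Hashed names (|1|salt|hash) are kept as opaque strings, so duplicates
        # hidden behind different salts are not detected by this check.
        for host in hosts.split(","):
            keys[(host, keytype)].add(blob)
    return {k: sorted(v) for k, v in keys.items() if len(v) > 1}


if __name__ == "__main__":
    for (host, keytype), blobs in same_type_duplicates(SAMPLE).items():
        print(f"{host}: {len(blobs)} distinct {keytype} keys")
        for blob in blobs:
            print(f"    {blob}")
```

On the sample, only `web1.example.org` is reported: it carries two ssh-ed25519 keys, while `dualboot.example.org` has one key per type and is not flagged.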
