https://bugzilla.mindrot.org/show_bug.cgi?id=2673
--- Comment #3 from George Shuklin <[email protected]> ---
(In reply to Darren Tucker from comment #1)
> (In reply to George Shuklin from comment #0)
> [...]
> > 1) server booting from golden image. Golden image has 'built-in'
> > host ssh key which is changed after system configuration management
> > application set up proper ssh key for server.
>
> The downside is that anyone with access to the golden image could
> MITM connections.

Yes, there is a risk, but it's less than 'use -R every time'. Adding additional keys is not default configuration, so unexpected users wouldn't be affected.

> > Proposition: permit multiple host keys for a given server name
> > and/or IP address.
>
> Anyway, that's already possible but for different host key types.
> You could set HostKeyAlgorithms=ssh-rsa for one host and
> HostKeyAlgorithms=ssh-ed25519 on the other.
>
> I think having multiple keys of the same type valid for one host is
> a risk, though.

Is there any reason why having two different keys with different algo is OK, but having two different keys with the same algo is not OK?

_______________________________________________
openssh-bugs mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
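The thread turns on whether one host name should have several trusted keys of the same type. As an added example (not from the thread and not OpenSSH code), this audit reports host names in a known_hosts file that carry more than one distinct plain key of the same type, which is the situation a golden-image key left beside the provisioned key would produce. The sample entries, host names and key blobs are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample known_hosts content; key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample
web1.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoldenImageKey000
web1.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIProvisionedKey111
web1.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQRsaKey222
db1.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbKey333
@revoked web1.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOldKey444
"""

def parse_known_hosts(text):
    """Yield (marker, host_pattern, keytype, key_blob) for each entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Optional leading marker: @cert-authority or @revoked
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed line, skip it
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        # One line may list several comma-separated host patterns
        for host in hosts.split(","):
            yield marker, host, keytype, blob

def same_type_duplicates(text):
    """Return {(host, keytype): sorted key blobs} where >1 distinct key is trusted."""
    seen = defaultdict(set)
    for marker, host, keytype, blob in parse_known_hosts(text):
        if marker is not None:
            continue  # marked lines are not plain trusted host keys
        seen[(host, keytype)].add(blob)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (host, keytype), blobs in same_type_duplicates(SAMPLE).items():
        print(f"{host}: {len(blobs)} distinct {keytype} keys trusted")
```

Hashed host entries (`|1|salt|hash`) are compared as opaque strings here, and each hashed line has its own salt, so duplicates in a hashed known_hosts file are not detected by this check.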
