This is a discussion on HostKey checking and DNS finger print verification within the OpenSSH Development forums, part of the Networking and Network Related category.
Hello All,

I have a client-server setup with about 100 nodes. We often install the OS and this results in change of host keys in our server. This necessitates the need to update all known_hosts files in the client machines. I'm using the VerifyHostKeyDNS option in the client side where the DNS is updated with new fingerprint each time we change the host key. But still the SSH client verifies its known_hosts file even if the DNS fingerprint matches. Is there any way to overcome the client's local database checking if the DNS fingerprint matches? What are the security issues associated with this way?

Thanks,
Senthil Kumar.

openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
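The setup described in the post only works if the SSHFP records in DNS track the server's host key after every reinstall. The following Python is an added example, not part of the original post: it derives the SSHFP record data for a public key line (the same algorithm, fingerprint type and hex digest fields that `ssh-keygen -r` prints) and reports which published records are missing or stale. The names `check_zone` and `make_sample_key` are hypothetical, and the sample keys are constructed, not real host keys.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers: RFC 4255 (RSA, DSA) and RFC 7479 (Ed25519);
# every ecdsa-sha2-* key type uses 3 (RFC 6594).
SSHFP_ALG = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line):
    """Return the set of 'alg fptype hex' strings for one 'type base64 [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    alg = 3 if key_type.startswith("ecdsa-sha2-") else SSHFP_ALG.get(key_type)
    if alg is None:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    # The fingerprint is a hash over the whole decoded key blob.
    return {f"{alg} {fp} {h(blob).hexdigest()}" for fp, h in SSHFP_HASH.items()}


def check_zone(pubkey_line, published):
    """Compare published SSHFP RDATA with the current key: (missing, stale)."""
    current = sshfp_rdata(pubkey_line)
    seen = {" ".join(r.lower().split()) for r in published}
    return sorted(current - seen), sorted(seen - current)


def make_sample_key(seed):
    """Constructed sample: a well-formed ssh-ed25519 line, not a real host key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    old_key, new_key = make_sample_key(1), make_sample_key(2)  # before / after reinstall
    zone = sshfp_rdata(old_key)  # DNS still holds the old fingerprints
    missing, stale = check_zone(new_key, zone)
    print("publish:", missing)
    print("remove: ", stale)
```

Run against the server's real public key file contents and the records currently in the zone, an empty `missing` list means the published fingerprints already describe the new key.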