shell-things

History

Aminda Suomalainen e634ee8863 ssh_config: update comment for VerifyHostKeyDNS OpenSSH is evil and gives you three not-optimal options to this: A) trust DNSSEC and don't write known_hosts B) ask whether to trust DNS, but don't bother telling me if it's signed C) don't even check SSHFP I see A) as the least evil, but I wish known_hosts was written. Alternatively B) should tell me whether there is DNSSEC or not, not only "matching keys found from DNS" or whatever it says always.	2019-05-09 18:44:36 +03:00
..
config	ssh_config: update comment for VerifyHostKeyDNS	2019-05-09 18:44:36 +03:00

ssh_config: update comment for VerifyHostKeyDNS

OpenSSH is evil and gives you three not-optimal options to this:

A) trust DNSSEC and don't write known_hosts
B) ask whether to trust DNS, but don't bother telling me if it's signed
C) don't even check SSHFP

I see A) as the least evil, but I wish known_hosts was written.
Alternatively B) should tell me whether there is DNSSEC or not, not
only "matching keys found from DNS" or whatever it says always.

2019-05-09 18:44:36 +03:00

config

ssh_config: update comment for VerifyHostKeyDNS

2019-05-09 18:44:36 +03:00