diff options
author | Jamie McClelland <jm@mayfirst.org> | 2008-08-05 09:45:02 -0400 |
---|---|---|
committer | Jamie McClelland <jm@mayfirst.org> | 2008-08-05 09:45:02 -0400 |
commit | 2c64cd42335d7c0eeb904d9b9bdb09d7fa8456c5 (patch) | |
tree | 34b4f48e920bbae3c7ac7b6fc439b67d7188db47 /website/bugs/hostkeyalias-confuses-monkeysphere.mdwn | |
parent | 38d9be677ee1928e92b6c914a5467fe9bf8bcd4e (diff) | |
parent | 515d8eb967427b04506041dfaea60ea155e79f47 (diff) |
Merge commit 'dkg/master'
Diffstat (limited to 'website/bugs/hostkeyalias-confuses-monkeysphere.mdwn')
-rw-r--r-- | website/bugs/hostkeyalias-confuses-monkeysphere.mdwn | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn new file mode 100644 index 0000000..4f7df66 --- /dev/null +++ b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn @@ -0,0 +1,28 @@ +Consider the following snippet in `~/.ssh/config`: + + Host foo + HostKeyAlias bar + +for a host which is *not* participating in the monkeysphere. + +For such a host, when using `monkeysphere-ssh-proxy-command`, the +public keyservers will be queried on each attempted ssh connection +(even after a successful connection). + +This appears to be because: + +* `ssh` itself will write a line to `~/.ssh/known_hosts`, but it will + be labeled with `bar` because of the `HostKeyAlias`. + +* `monkeysphere` won't be able to find any mention of it in the + keyring (it's not in the monkeysphere) + +* `monkeysphere-ssh-proxycommand` won't be able to find it in the + `known_hosts` file because it looks for `foo`, which is never + matched. + +excessive keyserver querying is bad behavior, because it causes delays +for the users, and puts excessive load on the public keyserver +infrastructure. + +How can we resolve this? |