summaryrefslogtreecommitdiff
path: root/website
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-03 20:32:59 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-03 20:32:59 -0400
commit405fb7c3c93c4cef1f08a3edc9ea0d31c7a6df57 (patch)
tree0f489a496b508f55169c4b96132d32580ea27a85 /website
parente25d4efcb9b4f8d1f23014fc3a61bee088514665 (diff)
adding a new bug about the interaction between HostKeyAlias and monkeysphere-ssh-proxycommand
Diffstat (limited to 'website')
-rw-r--r--website/bugs/hostkeyalias-confuses-monkeysphere.mdwn28
1 files changed, 28 insertions, 0 deletions
diff --git a/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn
new file mode 100644
index 0000000..4f7df66
--- /dev/null
+++ b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn
@@ -0,0 +1,28 @@
+Consider the following snippet in `~/.ssh/config`:
+
+ Host foo
+ HostKeyAlias bar
+
+for a host which is *not* participating in the monkeysphere.
+
+For such a host, when using `monkeysphere-ssh-proxy-command`, the
+public keyservers will be queried on each attempted ssh connection
+(even after a successful connection).
+
+This appears to be because:
+
+* `ssh` itself will write a line to `~/.ssh/known_hosts`, but it will
+ be labeled with `bar` because of the `HostKeyAlias`.
+
+* `monkeysphere` won't be able to find any mention of it in the
+ keyring (it's not in the monkeysphere)
+
+* `monkeysphere-ssh-proxycommand` won't be able to find it in the
+ `known_hosts` file because it looks for `foo`, which is never
+ matched.
+
+excessive keyserver querying is bad behavior, because it causes delays
+for the users, and puts excessive load on the public keyserver
+infrastructure.
+
+How can we resolve this?