Bug 3377

Summary: improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + multiple specifications)
Product: Portable OpenSSH
Reporter: Christoph Anton Mitterer <calestyo>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---
Severity: enhancement
Priority: P5
Version: 8.8p1
Hardware: Other
OS: All

Description Christoph Anton Mitterer 2022-01-05 03:39:35 AEDT
Hey.

The following features would be quite nice IMO:

1) Allowing one to specify directories, or better wildcards, for GlobalKnownHostsFile and UserKnownHostsFile.
The idea would be especially to have something like:
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2, /etc/ssh/ssh_known_hosts.d/*.known_hosts as default.
Distros could then ship that directory and packages could place their known hosts into it.
E.g. one could then have distro-supplied packages with the public keys of well-known services like GitHub/GitLab/etc.

That would be a good alternative for people who don't like/trust the mechanisms of distributing the keys via DNS or the like.


2) Less important, but possibly still nice, would be if one could specify
GlobalKnownHostsFile and UserKnownHostsFile multiple times, with the effect being cumulative.
Perhaps one could also make a special syntax that allows adding/removing from the list like:
GlobalKnownHostsFile = foo
or
GlobalKnownHostsFile foo
=> resets the list to just foo

GlobalKnownHostsFile + bar
=> adds bar

GlobalKnownHostsFile - baz
=> removes baz


Thanks,
Chris.
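As an added illustration (not code from this bug report or from OpenSSH), here is a small Python prototype of the semantics proposed above: a comma- or whitespace-separated file list, wildcard entries, and the reset/`+`/`-` list edits. The `=`/`+`/`-` syntax and the `ssh_known_hosts.d` directory are the reporter's proposal and are assumptions here, not existing ssh_config behaviour; the config text and directory contents are constructed for the demo.

```python
"""Prototype of the proposed cumulative, wildcard-aware KnownHostsFile directives."""
import glob
import os
import shlex
import tempfile


def expand(pattern):
    """Expand a glob entry (sorted, so ordering is deterministic); keep plain paths as-is."""
    if any(c in pattern for c in "*?["):
        return sorted(glob.glob(pattern))
    return [pattern]


def resolve_known_hosts(config_text, keyword="UserKnownHostsFile"):
    """Apply every directive for `keyword` in order and return the resulting file list.

    Proposed syntax (assumption, taken from the bug report):
      Keyword [=] a, b c   -> reset the list to a b c
      Keyword + x          -> append x
      Keyword - x          -> remove x
    """
    files = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments, as ssh_config does
        if not line:
            continue
        parts = shlex.split(line)
        if parts[0].lower() != keyword.lower():  # ssh_config keywords are case-insensitive
            continue
        op, args = "=", parts[1:]
        if args and args[0] in ("=", "+", "-"):
            op, args = args[0], args[1:]
        values = [v for a in args for v in a.split(",") if v]  # accept commas or whitespace
        paths = [p for v in values for p in expand(v)]
        if op == "-":
            files = [f for f in files if f not in paths]
            continue
        if op == "=":
            files = []
        for p in paths:
            if p not in files:  # a file listed twice is consulted once
                files.append(p)
    return files


def demo():
    """Constructed ssh_known_hosts.d with two fragments plus a stray README that must not match."""
    kh = os.path.join(tempfile.mkdtemp(), "ssh_known_hosts.d")
    os.mkdir(kh)
    for name in ("github.known_hosts", "gitlab.known_hosts", "README"):
        open(os.path.join(kh, name), "w").close()
    config = (
        f"GlobalKnownHostsFile /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2, {kh}/*.known_hosts\n"
        "GlobalKnownHostsFile + /usr/local/etc/extra_known_hosts\n"
        "GlobalKnownHostsFile - /etc/ssh/ssh_known_hosts2\n"
    )
    return resolve_known_hosts(config, "GlobalKnownHostsFile")
```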