Bug 3377 - improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + multiple specifications)
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 8.8p1
Hardware: Other All
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2022-01-05 03:39 AEDT by Christoph Anton Mitterer
Modified: 2022-01-05 03:39 AEDT

Description Christoph Anton Mitterer 2022-01-05 03:39:35 AEDT
Hey.

The following features would be quite nice IMO:

1) Allowing to specify directories or better wildcards for GlobalKnownHostsFile and UserKnownHostsFile.
The idea would be especially to have something like:
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2, /etc/ssh/ssh_known_hosts.d/*.known_hosts as default.
Distros could then ship that directory and packages could place their known hosts into that.
E.g. one could then have distro supplied packages with the public keys of well known services like GitHub/GitLab/etc.

That would be a good alternative for people who don't like/trust the mechanisms of distributing the keys via DNS or the like.


2) Less important, but possibly still nice would be if one could specify 
GlobalKnownHostsFile and UserKnownHostsFile multiple times and the effect being cumulative.
Perhaps one could also make a special syntax that allows adding/removing from the list like:
GlobalKnownHostsFile = foo
or
GlobalKnownHostsFile foo
=> resets the list to just foo

GlobalKnownHostsFile + bar
=> adds bar

GlobalKnownHostsFile - baz
=> removes baz


Thanks,
Chris.
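
The semantics requested above, sketched as an added example (not part of the original report and not OpenSSH code or current OpenSSH behaviour). It assumes wildcards expand in sorted order, a pattern with no match contributes nothing, and a bare or "=" form resets the list while "+" and "-" adjust it; the function names are hypothetical.

```python
import glob
import os

WILDCARD_CHARS = "*?["  # assumption: shell-style glob characters mark a wildcard


def expand(spec):
    """Expand one comma/space separated list of paths; wildcards are globbed."""
    paths = []
    for item in spec.replace(",", " ").split():
        item = os.path.expanduser(item)
        if any(c in item for c in WILDCARD_CHARS):
            paths.extend(sorted(glob.glob(item)))  # sorted: deterministic lookup order
        else:
            paths.append(item)  # literal path is kept even if the file is absent
    return paths


def resolve(lines, keyword):
    """Apply the proposed '=', '+' and '-' forms in file order; return the final list."""
    result = []
    for line in lines:
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != keyword.lower():
            continue  # other keyword (keywords are matched case-insensitively)
        arg, op = parts[1].strip(), "="
        if arg[:1] in "=+-" and arg[1:2].isspace():
            op, arg = arg[0], arg[1:].strip()
        paths = expand(arg)
        if op == "=":
            result = []  # bare form and '=' both reset the list
        if op == "-":
            result = [p for p in result if p not in paths]
        else:
            result += [p for p in paths if p not in result]  # cumulative, no duplicates
    return result


if __name__ == "__main__":
    # Constructed configuration lines using the syntax proposed in the report.
    config = [
        "GlobalKnownHostsFile /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2, "
        "/etc/ssh/ssh_known_hosts.d/*.known_hosts",
        "GlobalKnownHostsFile + /etc/ssh/site_known_hosts",
        "GlobalKnownHostsFile - /etc/ssh/ssh_known_hosts2",
    ]
    for path in resolve(config, "GlobalKnownHostsFile"):
        print(path)
```

Resolving to an explicit, ordered file list makes it possible to audit exactly which packaged files would be trusted for host key checking before any such drop-in directory is enabled.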