Nmap Development mailing list archives

Re: ssh-hostkey enhancement


From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 20 Sep 2013 23:51:43 -0400

On Fri, Sep 20, 2013 at 3:39 PM, Patrick Donnelly <batrick () batbytes com> wrote:
> On Thu, Sep 19, 2013 at 5:40 PM, Fyodor <fyodor () nmap org> wrote:
>> Hi George.  This is a neat feature but my initial thought is that if added
>> to trunk, it should probably be off by default.  Users who want it could
>> then set known-hosts.  Then again, if there are folks who would like to
>> have it on by default, now is a good time to speak up.
>
> I told George to write it this way. I can understand hesitation
> towards reading ~/.ssh/known_hosts. My opinion is that this is a
> harmless improvement. However, I'm okay with this being turned on by
> the user although I worry the script's enhanced functionality won't
> see use as a result.

Another option, possibly in addition to ~/.ssh/known_hosts, is to have
a persistent ~/.nmap/known_hosts (?) so the user can track changes in
ssh host keys. This has the benefit of not adding/reading the user's
known_hosts file while giving Nmap a place to put keys it finds for
future scans.

-- 
Patrick Donnelly
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
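
The persistent key store proposed in the message above, sketched as an added example (not code from the ssh-hostkey script or the Nmap project). It assumes the store uses OpenSSH known_hosts line format, including hashed host fields; the function names and key blobs are hypothetical and constructed, and wildcard host patterns are not handled.

```python
import base64
import hashlib
import hmac

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1|salt|hash) names host."""
    if field.startswith("|1|"):
        # HashKnownHosts format: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def hashed_field(host, salt):
    """Build a hashed host field, used here only to construct sample input."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def check_key(store_lines, host, keytype, key_b64):
    """Classify a scanned key as 'match', 'changed' or 'new' against the store."""
    seen_type = False
    for line in store_lines:
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if parts[1] == keytype and host_matches(parts[0], host):
            if parts[2] == key_b64:
                return "match"
            seen_type = True  # same host and key type, different key
    return "changed" if seen_type else "new"

def track(store_lines, host, keytype, key_b64):
    """Check a key, record first-seen keys, and return the verdict."""
    verdict = check_key(store_lines, host, keytype, key_b64)
    if verdict == "new":
        store_lines.append(f"{host} {keytype} {key_b64}")
    return verdict

if __name__ == "__main__":
    # Constructed store contents and scan results (placeholder key blobs).
    store = ["192.0.2.10 ssh-ed25519 CONSTRUCTEDKEYA",
             hashed_field("192.0.2.20", b"constructed-salt") + " ssh-rsa CONSTRUCTEDKEYB"]
    for scan in [("192.0.2.10", "ssh-ed25519", "CONSTRUCTEDKEYX"),
                 ("192.0.2.20", "ssh-rsa", "CONSTRUCTEDKEYB"),
                 ("192.0.2.30", "ssh-rsa", "CONSTRUCTEDKEYC")]:
        print(scan[0], scan[1], track(store, *scan))
```

A "changed" verdict is deliberately not written back to the store, so the earlier key stays on record until someone reviews the difference.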

