[Pkg-ltsp-devel] Bug#783606: Acknowledgement (Host not saved into known_hosts)
Petr Šťastný
petr at stastny.eu
Tue May 5 18:18:45 UTC 2015
I just dug more deeply into this problem.
First problem: I found that pam_sshauth reads /etc/ssh/ssh_known_hosts,
which is not mentioned in the manual page, and I was not able to figure out
which known_hosts file is used. I had to have a look into the source code.
Second problem: pam_sshauth seems not to write anything into
/etc/ssh/ssh_known_hosts, although the manual page states that "If contacting
a host for which we don't have an entry in known_hosts, ask, via the pam
prompts, if you'd like to trust this host, and add it to your
known_hosts file. The default will be to fail the authentication." I
interpret this as meaning that it should add the host into
ssh_known_hosts when I say "yes". But there is nothing about saving the
host key in pam_sshauth's source code.
Third and main problem: pam_sshauth does not work with hashed
known_hosts entries, which is the default behavior in Debian Jessie (at
least; I don't know the situation in previous releases).
If I create /etc/ssh/ssh_known_hosts manually using the following
command, it works:
ssh-keyscan X.X.X.X > /etc/ssh/ssh_known_hosts
But this (which is the Debian Jessie default) does not work (host
name/address output is hashed) - pam_sshauth ignores these entries:
ssh-keyscan -H X.X.X.X > /etc/ssh/ssh_known_hosts
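
Added example, not part of the original message and not pam_sshauth's code: a known_hosts lookup that matches both plain host fields and the hashed `|1|salt|hash` fields that `ssh-keyscan -H` writes (HMAC-SHA1 of the host name, keyed with the salt), next to a literal comparison that can never match a hashed line. The function names, the 192.0.2.x addresses and the key strings are constructed for illustration.

```python
import base64, hashlib, hmac, os, re

def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def _hashed_match(field, host):
    try:
        _, magic, salt_b64, mac_b64 = field.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # wrong field count or bad base64: treat as no match
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return magic == "1" and hmac.compare_digest(got, want)

def _glob(pat, host):
    # known_hosts patterns only use '*' and '?'; everything else is literal
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(rx, host) is not None

def _plain_match(field, host):
    pats = field.split(",")
    if any(p.startswith("!") and _glob(p[1:], host) for p in pats):
        return False  # a negated pattern vetoes the whole line
    return any(not p.startswith("!") and _glob(p, host) for p in pats)

def lookup(text, host):
    """Return [(keytype, key)] for lines whose host field matches `host`."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        # skip blanks, comments and @cert-authority/@revoked marker lines
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        field = parts[0]
        if _hashed_match(field, host) if field.startswith("|") else _plain_match(field, host):
            found.append((parts[1], parts[2]))
    return found

def naive_lookup(text, host):
    """Literal comparison of the host field; hashed lines can never match."""
    return [tuple(l.split()[1:3]) for l in text.splitlines() if l.split()[:1] == [host]]

# Constructed sample file: one plain entry, one hashed entry (keys are placeholders)
SAMPLE = "\n".join(["# constructed sample",
                    "192.0.2.10 ssh-ed25519 AAAAconstructedkey1",
                    hash_host("192.0.2.20") + " ssh-ed25519 AAAAconstructedkey2"])
```

With `SAMPLE`, `lookup` finds the key for 192.0.2.20 while `naive_lookup` returns nothing for it, which is the symptom described above for files written with `-H`.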