1. 22
  1.  

  2. 8

    Key feature for me:

    • ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.

    One of those things I didn’t realize I needed until it’s provided.

    1. 1

      You should never have to accept new host keys in a production environment. You should be capturing them and syncing them for all users so they already have a pre-populated known_hosts. There is no simple mechanism to do this with which is sad, but it’s not hard to build.

      1. 2

        In some isolated, well-controlled environments, sure – or you could use certificates and a CA. But there are still plenty of scenarios where that’s not going to be the case (for example, when I first authenticate to my remote backup service, or my VPS provider’s out-of-band console, both of whom just publish host key fingerprints that I otherwise would have to manually verify).