LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
confirmation before changing an existing key on the host, unless the -X option is specified (in which case the key is not changed unless -F is also specified).
If you specify the ! option, the specified keys are removed from the host entry in the directory server. The actual keys on the host are not removed.
If you specify the ? option, the keys on the host are validated against those found in the representative directory entry for the specified host. This option is usually used on the local host, so that the owner can verify the integrity of the host's keys as represented in the directory server. Note that the ? character is often interpreted by the shell (see the shells(4) manpage), and therefore should be escaped or enclosed in quotation marks.
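What the ? option's comparison amounts to, as an added Python example that is not part of this guide or of ldaphostmgr: it parses key lines in the format ssh-keyscan and known_hosts use, computes OpenSSH-style SHA256 fingerprints, and reports per key type whether the keys on the host match those recorded in the directory entry. The host name and all key blobs are constructed for illustration and are not real keys.

```python
import base64
import hashlib

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: big-endian uint32 length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_key_lines(lines):
    """Parse 'host keytype base64blob [comment]' lines (ssh-keyscan / known_hosts
    format) into {keytype: fingerprint}; blank and '#' comment lines are skipped."""
    keys = {}
    for line in lines:
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) < 3:
            raise ValueError(f"malformed key line: {line!r}")
        keys[parts[1]] = fingerprint(base64.b64decode(parts[2]))
    return keys

def validate_host_keys(host_keys, directory_keys):
    """Compare fingerprints per key type; returns {keytype: status} where status is
    'ok', 'mismatch', 'missing-in-directory' or 'missing-on-host'."""
    status = {}
    for keytype in set(host_keys) | set(directory_keys):
        h, d = host_keys.get(keytype), directory_keys.get(keytype)
        if h is None:
            status[keytype] = "missing-on-host"
        elif d is None:
            status[keytype] = "missing-in-directory"
        else:
            status[keytype] = "ok" if h == d else "mismatch"
    return status

# Constructed sample key blobs (not real keys): host and directory agree on the
# ed25519 key, but the rsa key recorded in the directory differs from the host's.
_ED = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
_RSA_HOST = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x22" * 65)).decode()
_RSA_DIR = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x11" * 65)).decode()
HOST_LINES = [f"hostA ssh-ed25519 {_ED}", f"hostA ssh-rsa {_RSA_HOST}"]
DIRECTORY_LINES = ["# directory entry for hostA", f"hostA ssh-ed25519 {_ED}", f"hostA ssh-rsa {_RSA_DIR}"]

def check_sample():
    """Run the comparison on the constructed sample and return the per-type status map."""
    return validate_host_keys(parse_key_lines(HOST_LINES), parse_key_lines(DIRECTORY_LINES))
```

A mismatch or a key missing on one side is exactly the condition under which the guide advises confirming the fingerprint over a trusted channel before accepting or uploading keys.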
When adding or modifying keys for a remote host, ldaphostmgr attempts to connect to that remote host using ssh. However, ssh might not be able to trust the identity of the remote host if a local copy of the remote host's key is not available in a local known_hosts file or in the LDAP directory server.
If the identity of the remote host cannot be positively verified, ldaphostmgr issues a WARNING and prompts for confirmation that the remote key should be trusted. If the user chooses to trust the unidentified host, ssh-keyscan is used to discover the remote public keys and add or replace them in the directory server entry. Because untrusted discovery is subject to man-in-the-middle or spoofing attacks, this method of key discovery is not recommended unless the key fingerprint can be validated.
Specifying the ^ option disables remote key management and indicates to ldaphostmgr that the remote host cannot be directly managed by the solution. Instead, the result of a direct ssh-keyscan should be used to discover the remote host's public keys. For example, an appliance that supports ssh but does not run HP-UX cannot respond properly to remote management commands. Again, ldaphostmgr issues a WARNING and prompts for confirmation that the remote key should be trusted. Because untrusted discovery is subject to man-in-the-middle or spoofing attacks, this method of key discovery is not recommended unless the key fingerprint can be validated.
NOTE: If the ^ flag is specified and the target is the local host, ldaphostmgr simply takes the current public keys and uploads them to the directory server. Since the keys on the local host are considered trusted, a WARNING prompt is not displayed.
If the -X option is specified, ldaphostmgr does not prompt, and fails without adding the keys to the directory entry, unless the -F option is also specified. Use of ^, -X, and -F, or answering yes to the “Untrusted Discovery:” prompt, is not recommended as the primary method for discovery of host keys unless an external and validated transport method can be used to validate the integrity of the updated keys. For example, if the user can create a trusted session to the host (such as connecting to the physical console), the ldaphostmgr -k ? command can be used to validate that the
334 Command and tool reference