Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Tom Lane wrote:
>>> In my experience ssh itself isn't this strict. Why should libpq be?
>
>> ssh prompts the user when this happens. We don't have a mechanism for
>> prompting the user.
>
> In the first place, I have never seen such a prompt, despite the fact
> that I use ssh constantly to connect to machines that I know do not have
> properly signed certificates. If there is such a prompt, it isn't the
> default behavior. In the second place, unconditionally failing isn't a
> particularly nice emulation of a prompting behavior.
*really*? Here's what I get as an example (after removing the trust):
ha@mha-laptop:~/.ssh$ ssh cvs.postgresql.org
The authenticity of host 'cvs.postgresql.org (217.196.146.206)' can't be
established.
DSA key fingerprint is 54:27:10:f3:48:0a:f0:b6:c3:14:79:7e:49:c0:75:f3.
Are you sure you want to continue connecting (yes/no)? ^C
Are you saying you're not getting that? I've got that (or similar) on
every single platform I recall having used...
ssh doesn't use certificates, actually, it uses known host keys. The
difference being that with certificates you trust the root and thereby
everything under it. For ssh, afaik, you need to trust each host
individually.
> Perhaps a suitable compromise is to have the failure message include
> a hint about how to prevent the failure if you don't want it?
That would definitely work for me.
//Magnus