Until now, servers with no domain name attached could not use self-signed certificate without specifying its IP address in the Subject Alternative Names certificate extension, otherwise the client would not accept the connection. This means that it could not use the generate_openssl_selfsigned_certificate.sh script.
Now, when (and only when) connecting to a host without domain name (i.e. a pure-IP host), the client puts selfsigned.ssh3 in the TLS ServerName option. If the server self-signed cert installed in .ssh3/known_hosts matches that, then the connection can be established with the server without domain name.
Until now, servers with no domain name attached could not use self-signed certificate without specifying its IP address in the Subject Alternative Names certificate extension, otherwise the client would not accept the connection. This means that it could not use the
generate_openssl_selfsigned_certificate.sh
script.Now, when (and only when) connecting to a host without domain name (i.e. a pure-IP host), the client puts
selfsigned.ssh3
in the TLS ServerName option. If the server self-signed cert installed in.ssh3/known_hosts
matches that, then the connection can be established with the server without domain name.