bugzilla-daemon at bugzilla.mindrot.org
2017-Jul-05 20:34 UTC
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

            Bug ID: 2738
           Summary: UpdateHostKeys does not check keys in secondary known_hosts files
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jaap at jaapeldering.nl

I have the following settings (among others) in my ~/.ssh/config:

HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts_common
UpdateHostKeys ask

When I connect to a known host, ssh nicely asks me to store new host keys it learned about, and stores them in ~/.ssh/known_hosts. All fine so far.

Now I move these entries to ~/.ssh/known_hosts_common, and next time I connect to that host, ssh asks me again about the same host keys. Thus, it seems it doesn't check the secondary file given to UserKnownHostsFile for presence of host keys.

Background information: I'm synchronizing the second file ~/.ssh/known_hosts_common between multiple machines/accounts, and prefer to store some common hosts there, and not clutter my primary file ~/.ssh/known_hosts with duplicate host keys.

Conclusion: it would be nice if ssh would check all known_hosts files for presence of new host keys before asking to add them.

--
You are receiving this mail because:
You are watching the assignee of the bug.
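The check requested in the report above, as an added example (not part of the bug report and not OpenSSH's code): it contrasts a lookup limited to the first known_hosts file with one over every file listed in UserKnownHostsFile. The function names, host name and key blobs are constructed placeholders, and only plain (HashKnownHosts no) entries without wildcards are handled.

```python
import os
import tempfile

def parse_known_hosts(path):
    """Yield (hostnames, keytype, key_b64) for plain entries in one file."""
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            # Skip @cert-authority/@revoked markers and hashed (|1|...) names;
            # this sketch only covers the HashKnownHosts=no case from the report.
            if fields[0].startswith(("@", "|")) or len(fields) < 3:
                continue
            yield fields[0].split(","), fields[1], fields[2]

def find_key(host, keytype, key_b64, paths):
    """Return the first file that already lists this exact host key, else None."""
    for path in paths:
        if not os.path.exists(path):
            continue
        for names, ktype, blob in parse_known_hosts(path):
            if host in names and ktype == keytype and blob == key_b64:
                return path
    return None

def keys_to_prompt_for(host, offered, paths):
    """Offered keys not found in ANY listed file; only these warrant a prompt."""
    return [(t, k) for t, k in offered if find_key(host, t, k, paths) is None]

def demo():
    # Constructed sample data: host names and key blobs are placeholders.
    d = tempfile.mkdtemp()
    primary = os.path.join(d, "known_hosts")
    common = os.path.join(d, "known_hosts_common")
    with open(primary, "w") as fh:
        fh.write("# primary\nother.example.org ssh-ed25519 AAAAC3PLACEHOLDER0\n")
    with open(common, "w") as fh:
        fh.write("host.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER1\n")
    offered = [("ssh-ed25519", "AAAAC3PLACEHOLDER1"),
               ("ecdsa-sha2-nistp256", "AAAAE2PLACEHOLDER2")]
    first_only = keys_to_prompt_for("host.example.org", offered, [primary])
    all_files = keys_to_prompt_for("host.example.org", offered, [primary, common])
    return first_only, all_files

if __name__ == "__main__":
    print(demo())
```

With only the first file consulted, the key stored in known_hosts_common is reported as new again; with both files consulted, only the genuinely unseen ECDSA key remains.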
bugzilla-daemon at bugzilla.mindrot.org
2017-Jul-06 05:56 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

--- Comment #1 from Jaap Eldering <jaap at jaapeldering.nl> ---
Created attachment 3008
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3008&action=edit
patch

I think the attached patch should fix the problem. I tested it on Debian Stretch against version 7.4p1-10 (with Debian patchlevel) and it worked as expected.
bugzilla-daemon at bugzilla.mindrot.org
2017-Aug-11 05:08 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Unfortunately that patch is not sufficient: update_known_hosts() still won't ever update keys in subsequent user_hostfiles.

I think update_known_hosts() will need to consider all hostfiles, but that will take a refactor of hostfile.c:hostfile_replace_entries() too.
bugzilla-daemon at bugzilla.mindrot.org
2017-Aug-16 17:48 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

--- Comment #3 from Jaap Eldering <jaap at jaapeldering.nl> ---
I forgot about that use case. If it would be considered for inclusion, I'd be happy to try and write a patch that covers that case too.

For my understanding: any occurrence of the given host,key-type pair in any of the known_hosts files would have to be replaced by the newly learned key, right?
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23 00:37 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2894

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2894
[Bug 2894] Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes')
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-24 01:18 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3079

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3079
[Bug 3079] Tracking bug for 8.2 release
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-25 00:22 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3008|0                           |1
        is obsolete|                            |
                 CC|                            |dtucker at dtucker.net
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                         |ASSIGNED
   Attachment #3349|                            |ok?(dtucker at dtucker.net)
              Flags|                            |
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 3349
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3349&action=edit
Update additional UserKnownHostsFiles

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Fix committed, will be in openssh-8.2
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-05 22:25 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

--- Comment #6 from Jaap Eldering <jaap at jaapeldering.nl> ---
Thanks a lot!
bugzilla-daemon at mindrot.org
2021-Mar-03 22:51 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle
bugzilla-daemon at mindrot.org
2023-Jan-13 02:42 UTC
[Bug 2738] UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3349|ok?(dtucker at dtucker.net)   |
              Flags|                            |