bugzilla-daemon at bugzilla.mindrot.org
2008-Mar-19 16:02 UTC
[Bug 1449] New: ssh does not give option to trust on changed keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1449
Summary: ssh does not give option to trust on changed keys
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: nvalcarcel at gmail.com
CC: nvalcarcel at gmail.com
When we reinstall a machine we used to enter via ssh, or change the ip
of a hostname ssh doesn't allow us to log into the machine saying the
key has change, then we need to edit the .ssh/known_hosts files by hand
and remove the entry of this host. Ssh should warn the user that the
host key has changed and give the option to allow the connection and
automatically edit that file.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Mar-19 20:18 UTC
[Bug 1449] ssh does not give option to trust on changed keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1449
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2008-03-20
07:18:54 ---
1) you can save and restore the keys when you reinstall (useful
particularly if you have many clients).
2) See CheckHostIP in ssh_config(5) for the case where the address
changes.
3) you can use "ssh-keygen -R hostname" to delete an entry from
known_hosts rather than hand-editing.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-12 07:37 UTC
[Bug 1449] ssh does not give option to trust on changed keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1449
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> 2008-06-12
17:37:28 ---
This is quite deliberate, we want explicit user interaction to force a
changed key. You can use "ssh-keygen -R [hostname]" to automate the
actual removal, but we need users to *think about it*.
This will not be changing.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jul-22 02:21 UTC
[Bug 1449] ssh does not give option to trust on changed keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1449
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> 2008-07-22
12:21:34 ---
Mass update RESOLVED->CLOSED after release of openssh-5.1
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- Human readable .ssh/known_hosts?
- [Bug 2145] New: ssh-keygen -R doesn't work when there are entries for "proxycommand" keys
- [Bug 1319] New: ssh-keygen does not properly handle multiple keys
- [Bug 2591] New: ssh-keygen -R is case-sensitive, but should not be
- [Bug 2673] New: Multiple ssh keys for a given server