bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-21 14:03 UTC
[Bug 1839] New: ssh/scp to localhost/127.0.0.1 should not update known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=1839
Summary: ssh/scp to localhost/127.0.0.1 should not update known_hosts
Product: Portable OpenSSH
Version: 5.3p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dirk at computer42.org
If ssh/scp is used on computers with a shared home directory the
localhost key noted in ~/.ssh/known_hosts is ambiguous.
If the user first runs ssh to localhost on host A and afterwards does the
same on host B, he gets an error message.
On the other hand, the host key for localhost is only a valuable
security enhancement if localhost isn't bound to an uncommon IP number.
(But this should cause a lot of trouble that hits a user before.)
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-22 00:46 UTC
[Bug 1839] ssh/scp to localhost/127.0.0.1 should not update known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=1839
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2010-11-22 11:46:45 EST ---
$ man ssh_config
[...]
     NoHostAuthenticationForLocalhost
             This option can be used if the home directory is shared across
             machines. In this case localhost will refer to a different
             machine on each of the machines and the user will get many
             warnings about changed host keys. However, this option disables
             host authentication for localhost. The argument to this keyword
             must be ``yes'' or ``no''. The default is to check the host key
             for localhost.
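The changed-host-key warnings discussed in this thread come from loopback entries in a shared ~/.ssh/known_hosts. As an added example (not from the bug report or from OpenSSH), this Python script lists such entries, including ones stored in the hashed `|1|salt|hash` form written when HashKnownHosts is on; the function names, the sample file and its key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Names for the local machine; with a shared home directory each one can
# refer to a different host key depending on which machine ssh was run on.
LOOPBACK_NAMES = ("localhost", "127.0.0.1", "::1")

def hash_host(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def hashed_match(field, name):
    """True if a hashed host field was derived from name."""
    try:
        _, magic, salt_b64, mac_b64 = field.split("|")
        salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # wrong field count or invalid base64
        return False
    return magic == "1" and hmac.new(salt, name.encode(), hashlib.sha1).digest() == mac

def loopback_entries(text):
    """Return (line_no, name, key_type) for every entry naming a loopback host."""
    found = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 2:
            continue
        hosts, key_type = fields[0], fields[1]
        for name in LOOPBACK_NAMES:
            if hosts.startswith("|"):
                hit = hashed_match(hosts, name)
            else:  # plain form: comma-separated names, "[host]:port" for other ports
                hit = any(h == name or h.startswith("[" + name + "]:") for h in hosts.split(","))
            if hit:
                found.append((line_no, name, key_type))
    return found

# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "localhost,127.0.0.1 ssh-rsa AAAAconstructedA",
    "build01.example.org ssh-ed25519 AAAAconstructedB",
    hash_host("localhost", b"constructed-salt-000") + " ssh-ed25519 AAAAconstructedC",
    "[localhost]:2222 ssh-rsa AAAAconstructedD",
])
```

Hashed entries for non-default ports and wildcard host patterns are not matched by this check.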
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-22 00:57 UTC
[Bug 1839] ssh/scp to localhost/127.0.0.1 should not update known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=1839
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:33 UTC
[Bug 1839] ssh/scp to localhost/127.0.0.1 should not update known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=1839
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2011-01-24 12:33:29 EST ---
Move resolved bugs to CLOSED after 5.7 release