bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-26 04:42 UTC
[Bug 2631] New: Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631
Bug ID: 2631
Summary: Hostkey update and rotation - No IP entries added to known_hosts
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: lkinley at gmail.com

When UpdateHostKeys=yes/ask, only hostname-based entries are added to
known_hosts file when learning new hostkeys.

Shouldn't IP entries also be added?

Consider the following scenario:

User connects for the first time, specifying a HostKeyAlgorithms
setting that is not first in the default list (rsa-sha2-256 in this
case), HashKnownHosts=yes, and UpdateHostKeys=yes. Server sends key,
it gets recorded in known_hosts both under the hostname and the IP.
User authenticates and additional keys are learned and stored under
only the hostname.

A second connection is made with the default HostKeyAlgorithms value.
A warning and prompt is issued because the ECDSA key differs from the
RSA key stored under the IP address.

This warning and prompt would be avoided if the hostkey update and
rotation process recorded a known_hosts entry with the IP address, too.

Is this intentional?

--
You are receiving this mail because:
You are watching the assignee of the bug.
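
Added example, not part of the bug report or of OpenSSH's code: a small audit that reproduces the reported state on constructed data by listing the key types recorded under a hostname but missing under its IP address, including hashed (HashKnownHosts=yes) entries. The host name, IP address, salts and key blobs are constructed placeholders; wildcard patterns and [host]:port forms are assumed absent.

```python
import base64
import hashlib
import hmac

def mac_for(name, salt):
    """HMAC-SHA1 keyed with the salt, as used by hashed known_hosts entries."""
    return hmac.new(salt, name.encode(), hashlib.sha1).digest()

def hashed_field(name, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac_for(name, salt)).decode())

def entry_matches(field, name):
    """True if a known_hosts host field (hashed or plain) names `name`."""
    if field.startswith("|1|"):
        parts = field.split("|")
        if len(parts) != 4:
            return False  # malformed hashed field
        salt, mac = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        return hmac.compare_digest(mac_for(name, salt), mac)
    # Plain form: comma-separated names (wildcard patterns not handled here).
    return name in field.split(",")

def key_types_for(lines, name):
    """Set of key types recorded for `name`, skipping comments and @markers."""
    types = set()
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if entry_matches(parts[0], name):
            types.add(parts[1])
    return types

def ip_gaps(lines, hostname, ip):
    """Key types known under the hostname but not under the IP address."""
    return sorted(key_types_for(lines, hostname) - key_types_for(lines, ip))

# Constructed sample mirroring the report: RSA under both names, the keys
# learned afterwards under the hostname only. Key blobs are placeholders.
HOST, IP = "host.example.com", "192.0.2.10"
SAMPLE = [
    hashed_field(HOST, b"A" * 20) + " ssh-rsa CONSTRUCTED-RSA-KEY",
    hashed_field(IP, b"B" * 20) + " ssh-rsa CONSTRUCTED-RSA-KEY",
    hashed_field(HOST, b"C" * 20) + " ecdsa-sha2-nistp256 CONSTRUCTED-ECDSA-KEY",
    hashed_field(HOST, b"D" * 20) + " ssh-ed25519 CONSTRUCTED-ED25519-KEY",
]
```

To audit a real file, pass its lines (for example `open(path).read().splitlines()`) together with the host name and address to `ip_gaps`.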
bugzilla-daemon at bugzilla.mindrot.org
2019-Jul-19 05:15 UTC
[Bug 2631] Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
UpdateKnownhosts does record IP addresses when CheckHostIP=yes. I just
double checked and it is working.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:55 UTC
[Bug 2631] Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release