bugzilla-daemon at mindrot.org
2025-May-24 06:22 UTC
[Bug 3826] New: add all of the remote's keys to .known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3826

            Bug ID: 3826
           Summary: add all of the remote's keys to .known_hosts
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: martin-eric.racine at iki.fi

Whenever the remote host changes the order in which it offers host keys, the user gets the warning about a possible man-in-the-middle attack.

This could be avoided if 'ssh' added ALL of the remote's keys at once, whenever someone types "yes", instead of assuming that only one key can authenticate the remote correctly.

Once this has been implemented, 'ssh' could warn if any of the known keys no longer is valid and offer to remove it.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-May-24 06:53 UTC
[Bug 3826] add all of the remote's keys to .known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3826

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It does, see UpdateHostKeys. This option is fairly cautious and won't store additional hostkeys in all situations, check the output of "ssh -vvv host" to see what it's doing.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
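To see which of a server's host keys are already stored, the following added example (not part of the bug thread and not OpenSSH code) compares `ssh-keyscan`-format output with the known_hosts entries for one host, including hashed `|1|salt|hash` entries. The function names, host name and key blobs are constructed placeholders, and only exact host names are matched, not wildcard patterns.

```python
import base64, hashlib, hmac

def hashed_field(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Exact-name match only; wildcard and negated patterns are not handled here."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_field(host, salt))
    return host in field.split(",")

def compare(known_hosts_text, offered_text, host):
    """Classify offered keys (ssh-keyscan format) against known_hosts entries for host."""
    known = {}  # key type -> set of base64 blobs already stored for this host
    for line in known_hosts_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].startswith(("#", "@")):  # skip comments and @markers
            continue
        if host_matches(f[0], host):
            known.setdefault(f[1], set()).add(f[2])
    result = {"known": [], "missing": [], "changed": []}
    for line in offered_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] != host:
            continue
        if f[1] not in known:
            result["missing"].append(f[1])   # key type never stored
        elif f[2] in known[f[1]]:
            result["known"].append(f[1])     # identical key already stored
        else:
            result["changed"].append(f[1])   # same type, different key
    return result

# Constructed sample data: host name and key blobs are placeholders, not real keys.
HOST = "server.example"
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    hashed_field(HOST, b"constructed-salt-20b") + " ssh-ed25519 AAAAconstructedED25519blob",
    "server.example,192.0.2.10 ssh-rsa AAAAconstructedOLDRSAblob",
])
OFFERED = "\n".join([
    "server.example ssh-ed25519 AAAAconstructedED25519blob",
    "server.example ssh-rsa AAAAconstructedNEWRSAblob",
    "server.example ecdsa-sha2-nistp256 AAAAconstructedECDSAblob",
])

if __name__ == "__main__":
    print(compare(KNOWN_HOSTS, OFFERED, HOST))
```

A key type reported as "changed" is the case that deserves out-of-band fingerprint verification before any stored entry is replaced.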
bugzilla-daemon at mindrot.org
2025-Sep-24 12:21 UTC
[Bug 3826] add all of the remote's keys to .known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3826

????????? <gotov27 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|Linux                       |All
           Hardware|Other                       |All

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.