Displaying 7 results from an estimated 7 matches for "client_input_hostkeys".
2024 Oct 13
1
SSH host key rotation – known_hosts file not updated
...o service ssh restart
When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`)
afterwards, known_hosts on the client is not updated. The output of the
ssh command contains this:
debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key.
# ...
debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts for [serverA.domain.internal]:22 / (none)
debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts2 for [serverA.domain.internal]:22 / (none)
debug1: client_input_hostkeys: hostkeys file /Users/snafu/.ssh/known_hosts2 does not exist
debug1: cli...
2024 Oct 14
1
Re: SSH host key rotation – known_hosts file not updated
...connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`)
> afterwards, known_hosts on the client is not updated. The output of the
> ssh command contains this:
>
> debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key.
> # ...
> debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts for [serverA.domain.internal]:22 / (none)
> debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts2 for [serverA.domain.internal]:22 / (none)
> debug1: client_input_hostkeys: hostkeys file /Users/snafu/.ssh/known_hosts2 does not exist
> ...
2024 Oct 14
1
SSH host key rotation – known_hosts file not updated
...o UpdateHostKeys=yes serverA`)
> > afterwards, known_hosts on the client is not updated. The output of the
> > ssh command contains this:
> >
> > debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key.
> > # ...
> > debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts for [serverA.domain.internal]:22 / (none)
> > debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts2 for [serverA.domain.internal]:22 / (none)
> > debug1: client_input_hostkeys: hostkeys file /Users/snafu/.ssh/known_hosts2 does n...
2024 May 16
2
[Bug 3691] New: Connection to localhost succeeds with disabled MAC
...: channel 0: new session [client-session] (inactive timeout: 0)
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/bsradmin/.ssh/known_hosts for localhost / (none)
debug1: client_input_hostkeys: searching /home/bsradmin/.ssh/known_hosts2 for localhost / (none)
debug1: client_input_hostkeys: hostkeys file /home/bsradmin/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or de...
2016 Dec 23
5
[Bug 2650] New: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256
...ty: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: aranea at aixah.de
The UpdateHostKeys feature is designed to only add host key
fingerprints to known_hosts if the corresponding signature algorithm is
allowed by the HostKeyAlgorithms setting (see client_input_hostkeys()
in clientloop.c).
However, for RSA keys it only checks HostKeyAlgorithms for the presence
of ssh-rsa. If HostKeyAlgorithms includes rsa-sha2-{256,512}, but not
ssh-rsa, RSA keys are ignored even though they could be used for
authentication.
2023 Oct 10
17
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
..."password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /export/home/user/.ssh/known_hosts for 10.106.101.142 / (none)
debug1: client_input_hostkeys: searching /export/home/user/.ssh/known_hosts2 for 10.106.101.142 / (none)
debug1: client_input_hostkeys: hostkeys file /export/home/user/.ssh/known_hosts2 does not exist
Learned new hostkey: RSA...
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
There's currently no way to express trust for an SSH certificate CA other
than by manually adding it to known_hosts. This patch modifies the automatic
key write-out behaviour on user verification to associate the hostname with
the CA rather than the host key, allowing environments making use of
certificates to update (potentially compromised) host keys without needing
to modify client