search for: known_host

Displaying 20 results from an estimated 764 matches for "known_host".

2017 Jan 28
3
known_hosts question for Ubuntu Server 14.04 and 16.04 LTS
Hello & thanks for reading. I'm having a problem configuring known_hosts from scripts so an accept key yes/no prompt doesn't appear. I'm using this command to detect if the server is known and add it to known_hosts: if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; then ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hos...
2014 Oct 06
2
[Bug 2285] New: Say NOT updated instead of updated
...OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: jidanni at jidanni.org We observe that aside from the first run below, the message "/home/jidanni/.ssh/known_hosts updated." is incorrect. Using diff(1) we show that the contents remain the same. Therefore in the latter cases, saying "/home/jidanni/.ssh/known_hosts NOT updated." would be better. Nor is there any reason to write a backup. $ ssh-keygen -f "/home/jidanni/.ssh/known_hosts"...
2024 Oct 18
1
SSH host key rotation – known_hosts file not updated
On 2024-10-17 19:26, Nico Kadel-Garcia wrote: > > Thank you! Increasing the verbosity revealed a known_hosts entry linked > > to serverA's IP address (I had forgotten that I had connected to it by > > IP address at some point). Deleting this entry solved the problem; the > > new host key was stored in known_hosts when I connected to serverA > > again. > > > > - Jan...
2024 Oct 17
2
Re: Re: SSH host key rotation – known_hosts file not updated
...s:%ld", > > 2104 sshkey_ssh_name(ctx->keys[i]), > > 2105 l->path, l->linenum); > > 2106 return 0; > > 2107 } > > 2108 } > > Thank you! Increasing the verbosity revealed a known_hosts entry linked > to serverA's IP address (I had forgotten that I had connected to it by > IP address at some point). Deleting this entry solved the problem; the > new host key was stored in known_hosts when I connected to serverA > again. > > - Jan And... *THIS* is why so many...
2020 Oct 04
3
UpdateHostkeys now enabled by default
...20, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration override CheckHostIP at all? > > > > No. > > > > > > > > > > What are the known_hosts entries for the hostname and IP? > > > > > > Also, do you use HashKnownHosts? or do you have any hashed host lines > > > in known_hosts? > > > > Yes I use HashKnownHosts yes > > Thanks - I think that was the missing piece of the puzzle. Can you >...
2019 Oct 20
5
[Bug 3083] New: Passing tilde (HOME) in file option results in cryptic error
...: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: s.egbert at sbcglobal.net The command in question discovered in earlier 7.9p1 and also in latest 8.1p1: ssh-keygen -f "~/.ssh/known_hosts" -R "johndoe" Expected output: known_hosts: No such file or directory The actual result output is: mkstemp: No such file or directory `strace -f` shows: openat(AT_FDCWD, "~/.ssh/known_hosts.TgA5TDcI46", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 ENOENT (No such fi...
2008 Oct 29
0
ssh disregarding umask for creation of known_hosts (and other files?)
Hey folks-- When ssh creates a known_hosts file for a user, it disregards the currently-set umask, and can actually turn on mode bits that the user has explicitly masked. While I'm happy to have ssh make files *more* secure than my umask (in situations where that's reasonable, like the creation of new ssh keys, etc), I'm not s...
2023 Oct 10
17
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
...leges, immediate termination of employment, and/or prosecution to the fullest extent of the law. Last login: Mon Oct 9 11:00:11 2023 from 10.10.10.62 #]0;user at wrkstn42: ~#user at wrkstn42:~$ exit logout Connection to 10.106.101.142 closed. < user_lamborghini ~/.ssh: > Now I have TWO known_hosts files. known_hosts and known_hosts.old. < user_lamborghini ~/.ssh: > ls -l total 10 -rw-r--r-- 1 user user 221 Mar 18 2012 authorized_keys -rw-r--r-- 1 user user 26 Aug 30 10:12 config -rw-r--r-- 1 user user 302 Sep 7 10:57 env -rw------- 1 user user 792 Oct 9 1...
2013 Nov 11
4
[Bug 2169] New: command to remove outdated hostkey from known_hosts file wrong
https://bugzilla.mindrot.org/show_bug.cgi?id=2169 Bug ID: 2169 Summary: command to remove outdated hostkey from known_hosts file wrong Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org...
2009 Sep 26
0
[Bug 1654] New: ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654 Summary: ~/.ssh/known_hosts.d/* Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: josh at f...
2024 Feb 14
2
How to remove old entries from known_hosts?
Is there any way to remove old entries from the known_hosts file? With the hashed 'names' one can't easily see which entries are which. I have around 150 lines in my known hosts but in reality I only ssh to a dozen or so systems. All the redundant ones are because I have a mixed population of Raspberry Pis and such on my LAN and they get rebu...
2024 Oct 14
1
SSH host key rotation – known_hosts file not updated
On 2024-10-14 14:48, Damien Miller wrote: > On Sun, 13 Oct 2024, Jan Eden via openssh-unix-dev wrote: > > When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) > > afterwards, known_hosts on the client is not updated. The output of the > > ssh command contains this: > > > > debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key. > > # ... > > debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts...
2005 May 18
3
known_hosts vulnerability?
Hey all, I came across a security news article, referenced by http://www.linux.org/news, at http://www.techworld.com/security/news/index.cfm?NewsID=3668 talking about an SSH weakness involving the known_hosts file. I apologize if this issue has already been addressed, but the mailing list archives didn't turn up anything when I tried searching for something relevant. So; not to knee-jerk or anything, but is anyone currently looking into this? Does this need to be addressed, or has it already been t...
2010 Aug 20
1
[Feature Request] delete defined line in known_hosts file
Hi, for a test lab, I'm trying to write a small shell script that will eradicate all information regarding a special host from the known_hosts file. Unfortunately, it is quite non-trivial to find out what ssh doesn't like with a host. ssh says which line in known_hosts has the offending key, but ssh-keygen -R doesn't take a line number. Am I using an undocumented interface when I simply use sed to delete the appropriate line? If...
2003 Dec 18
2
known_hosts, IP, and port revisited
...e, for those of you who don't feel like following the bug URL, is that when one has ssh servers behind a NAT, each of which responds to a different port on the NAT IP, they must all have the same host key to avoid the ssh man-in-the-middle warning about a changed host key. In short, because the known_hosts file is indexed only by name/IP and not port, there is no way to distinguish between servers by port. The discussion in 2002, which led to the bug being closed without a fix, involved how different keys for the same name/IP would affect hostbased authentication. It's been over a year now, an...
2024 Oct 13
1
SSH host key rotation – known_hosts file not updated
...ow) and restarted ssh: cd /etc/ssh sudo ssh-keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' sudo vi /etc/ssh/sshd_config # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key sudo service ssh restart When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) afterwards, known_hosts on the client is not updated. The output of the ssh command contains this: debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key. # ... debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts for [serverA.domain.internal]:22 / (none) debug1:...
2009 Sep 07
6
Question about Server Authentication
Hi guys, I'm working on a project which concerns SSH and there is something I don't understand about server authentication. So I explain my problem: - When you authorize only RSA keys in the sshd_config on the server, you need to have the RSA public key of this server in the known_hosts file of the client. This is absolutely normal. - When you authorize only DSA keys in the sshd_config on the server, you need to have the DSA public key of this server in the known_hosts file of the client. This is also absolutely normal. - But when you authorize both RSA and DSA keys, you are ob...
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa and ed25519 keys in my existing > known_hosts (but apparently ed25519 keys were added only for the name > previously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the IP address '2a03:7220:8081:6101:6552:9ca8:512b:9251' > Offending key for IP in /home/matthieu/.ssh/known_...
2024 Oct 14
1
Re: SSH host key rotation – known_hosts file not updated
...keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' > > sudo vi /etc/ssh/sshd_config > # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key > > sudo service ssh restart > > > When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) > afterwards, known_hosts on the client is not updated. The output of the > ssh command contains this: > > debug1: Host '[serverA.domain.internal]:22' is known and matches the ED25519 host key. > # ... > debug1: client_input_hostkeys: searching /Users/snafu/.ssh/known_hosts for [serverA.domain.inter...
2016 Dec 09
2
HashKnownHosts vs @cert-authority
Hi folks, maybe I am too blind to see, but would it be possible to avoid extra entries in known_hosts, if the remote host has a signed public key matching a @cert-authority line? Something like Host * HashKnownHosts unsigned This could help to keep the known_hosts file small and yet get all the unsigned public keys in. Just a suggestion, of course. Regards Harri