Displaying 20 results from an estimated 4000 matches similar to: "[Bug 1788] New: simple option to ignore known_hosts"
2024 Feb 14
1
How to remove old entries from known_hosts?
On 14/02/2024 11:42, Chris Green wrote:
> Is there any way to remove old entries from the known_hosts file? With
> the hashed 'names' one can't easily see which entries are which. I
> have around 150 lines in my known hosts but in reality I only ssh to a
> dozen or so systems. All the redundant ones are because I have a
> mixed population of Raspberry Pis and such on
2017 Jul 05
9
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738
Bug ID: 2738
Summary: UpdateHostKeys does not check keys in secondary
known_hosts files
Product: Portable OpenSSH
Version: 7.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
2020 Jul 17
0
[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #7 from Darren Tucker <dtucker at
2003 Mar 04
0
hashing known_hosts
Scenario:
I have access to a semi-public (about 30 users) server where I keep my
webpage. Occasionally, especially if I'm on the road. I use this as a
bounce point to get to "secured" systems which only allow ssh from
certian IP's. (Ignoring the discussion on spoofing, since we have host
keys)
But host keys are the problem. If anyone gets root on this hypothetical
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 18:37, Jochen Bern wrote:
> On 18.08.23 07:39, Darren Tucker wrote:
>> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com>
>> wrote:
>> [...]
>>> The crux of this is that we cannot assume the local IPv4 address is
>>> unique, since it's not (and in many cases, not even static).
>>
>> If the IP address is
2020 Oct 04
3
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote:
> On Sun, 4 Oct 2020, Matthieu Herrb wrote:
>
> > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote:
> > > On Sun, 4 Oct 2020, Damien Miller wrote:
> > >
> > > > No - I think you've stumbled on a corner case I hadn't anticipated.
> > > > Does your configuration
2016 Dec 09
2
HashKnownHosts vs @cert-authority
Hi folks,
maybe I am too blind to see, but would it be possible to
avoid extra entries in known_hosts, if the remote host
has a signed public key matching a @cert-authority line?
Something like
Host *
HashKnownHosts unsigned
This could help to keep the known_hosts file small and
yet get all the unsigned public keys in.
Just a suggestion, of course. Regards
Harri
2024 Feb 17
1
How to remove old entries from known_hosts?
Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members,
just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs?
Google tells about, how to add hosts, but not the opposite, may be I miss some thing.
Is this does not work at all, is there a best practice for cleaning old hosts and keys out?
Thanks, Martin!
--
Martin
GnuPG Key Fingerprint, KeyID
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18.08.23 07:39, Darren Tucker wrote:
> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> [...]
>> The crux of this is that we cannot assume the local IPv4 address is
>> unique, since it's not (and in many cases, not even static).
>
> If the IP address is not significant, you can tell ssh to not record
> them ("CheckHostIP
2012 Mar 27
0
[Bug 1993] New: ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
Bug #: 1993
Summary: ssh tries to add keys to ~/.ssh/known_hosts though
StrictHostKeyChecking yes is set
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2024 Feb 14
2
How to remove old entries from known_hosts?
Is there any way to remove old entries from the known_hosts file? With
the hashed 'names' one can't easily see which entries are which. I
have around 150 lines in my known hosts but in reality I only ssh to a
dozen or so systems. All the redundant ones are because I have a
mixed population of Raspberry Pis and such on my LAN and they get
rebuilt fairly frequently and thus, each time,
2020 Jul 10
0
[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #5 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment
2015 May 28
0
[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
--- Comment #8 from Damien Miller <djm at mindrot.org> ---
The hostkeys-00 at openssh.com extension has to be explicitly enabled via
UpdateHostKeys=yes|ask
The OP's question is the CheckHostIP option updating addresses for
hostnames it already knows about. We could probably clarify the
documentation for this behaviour, but if you want
2020 Sep 30
3
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
[...]
> I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if
> servers are DHCP distributed without static IP addresses they can wind
> up overlapping IP addresses with mismatched hostkeys
You can set CheckHostIP=no in your config. As long as the names don't
change it'll do what you
2015 Jun 01
0
[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
--- Comment #9 from Christoph Anton Mitterer <calestyo at scientia.net> ---
(replies to all your comments in one)
Hey.
Sorry for the delay.
(In reply to Darren Tucker from comment #5)
> > $ ssh -o StrictHostKeyChecking=no someHost
> > Warning: Permanently added the ECDSA host key for IP address
> >
2013 Mar 22
1
[PATCH] Allow matching HostName against Host entries
It would be useful to allow matching HostName entries against Host
entries. That's to say, I would find it very convenient to have an
ssh_config like:
Host zeus
HostName zeus.greek.gods
User hades
Host hera
HostName hera.greek.gods
# [ ... ]
Host *.greek.gods
User poseidon
UserKnownHostsFile ~/.ssh/known_hosts.d/athens
# [ Default settings for *.greek.gods ]
where I
2016 Mar 16
0
[Bug 1654] ~/.ssh/known_hosts.d/*
https://bugzilla.mindrot.org/show_bug.cgi?id=1654
--- Comment #4 from Vincent Fortier <vincent.fortier at canada.ca> ---
If I can add, I just came accross a clear case where this feature is
lacking for me which forces me to redirect to /dev/null: I need to
access multiple hosts from various management networks accross multiple
locations. Management IP are often the same at every location
2016 Oct 26
2
[Bug 2631] New: Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631
Bug ID: 2631
Summary: Hostkey update and rotation - No IP entries added to
known_hosts
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
2020 Sep 05
2
Support for UserKnownHostsFile tokens?
Hi Damien/all,
Since github etc use a potentially large number of IP addresses (albeit with a small number of keys), I'd like more granular oversight over their entries in my known_hosts.
Eg, here is a simplified stanza from my current ssh config:
Host github gitlab
User git
Hostname %h.com
UserKnownHostsFile ~/.ssh/known_hosts.d/git
There doesn't seem to be a good way to filter only