similar to: StrictHostKeyChecking ask

https://bugzilla.mindrot.org/show_bug.cgi?id=3176 Bug ID: 3176 Summary: can't figure out how to test StrictHostKeyChecking accept-new Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #9 from Christoph Anton Mitterer <calestyo at scientia.net> --- (replies to all your comments in one) Hey. Sorry for the delay. (In reply to Darren Tucker from comment #5) > > $ ssh -o StrictHostKeyChecking=no someHost > > Warning: Permanently added the ECDSA host key for IP address > >

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 Bug #: 1993 Summary: ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 alex at testcore.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex at testcore.net Version|5.9p1 |6.2p1 --- Comment #1 from alex at testcore.net --- Also

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #7 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Darren Tucker from comment #6) > Created attachment 2635 [details] > Remove length limits on know host file name in log messages A slightly different version of the patch has been committed and will be in the 6.9 release. (When I first looked at this I assumed

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #5 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Christoph Anton Mitterer from comment #4) > Hi guys. > > With version: 6.7p1 > > > Regarding my initial report: > > It *still* happens, that SSH automatically adds a key, i.e.: > $ echo > ~/.ssh/known_hosts > $ ssh -o

ssh -oStrictHostKeyChecking=no scrub @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 Christoph Anton Mitterer <calestyo at scientia.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|6.2p1 |6.7p1 --- Comment #4 from Christoph Anton Mitterer <calestyo at scientia.net> --- Hi guys.

http://bugzilla.mindrot.org/show_bug.cgi?id=1209 Summary: StrictHostKeyChecking really needs a 4th option Product: Portable OpenSSH Version: 4.3p2 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy:

Long ago, when I wrote the ssh config file on my desktop box, ssh (which might have been the non-openssh one) took 3 possible values for the StrictHostKeyChecking option - yes, no & ask. Today, when I attempted to connect to a new machine, with no DNS entries (so using IP address) from my desktop box, ssh (now 2.3.0p1) SEGVed. Looks like there is some subtle interaction between having an

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #8 from Damien Miller <djm at mindrot.org> --- The hostkeys-00 at openssh.com extension has to be explicitly enabled via UpdateHostKeys=yes|ask The OP's question is the CheckHostIP option updating addresses for hostnames it already knows about. We could probably clarify the documentation for this behaviour, but if you want

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|dtucker at zip.com.au |djm at mindrot.org Status|NEW |ASSIGNED Attachment #2641|

Folks, I read the 5.7 release announcement and updated, to try out ECDSA. Most parts worked very smoothly. The inability to create SSHFP records is understandable, since IANA haven't allocated a code yet. One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA. % ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost

On 14/02/2024 11:42, Chris Green wrote: > Is there any way to remove old entries from the known_hosts file? With > the hashed 'names' one can't easily see which entries are which. I > have around 150 lines in my known hosts but in reality I only ssh to a > dozen or so systems. All the redundant ones are because I have a > mixed population of Raspberry Pis and such on

Hi! Is it somehow possible to disable the known_hosts checking for some hosts? The StrictHostKeyChecking affects only the asking about new computers, but doesn't affect the changed ones. I need it for the test computers, which are reinstalled twice/hour and I really don't like editing .ssh/known_hosts each time :-( Thanks Michal

https://bugzilla.mindrot.org/show_bug.cgi?id=2501 Bug ID: 2501 Summary: VerifyHostKeyDNS & StrictHostKeyChecking Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hello, the ssh_config man page for StrictHostKeyChecking contains a misleading sentence. The description of the option ends with "The host keys of known hosts will be verified automatically in all cases.". This sounds to me like no matter the value of StrictHostKeyChecking the host keys are verified; "verified" meaning "don't connect if they don't match".

https://bugzilla.mindrot.org/show_bug.cgi?id=1654 --- Comment #4 from Vincent Fortier <vincent.fortier at canada.ca> --- If I can add, I just came accross a clear case where this feature is lacking for me which forces me to redirect to /dev/null: I need to access multiple hosts from various management networks accross multiple locations. Management IP are often the same at every location

Perfect, thanks. This winds up working for me (as far as I've tested so far.) Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'" StrictHostKeyChecking no UserKnownHostsFile none On Wed, Aug 26, 2015 at 11:47 PM, Bostjan Skufca <bostjan at a2o.si> wrote: > (+cc list) > > You could use something in the following manner: > > Match originalhost *

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked