similar to: known_hosts file format

Scenario: I have access to a semi-public (about 30 users) server where I keep my webpage. Occasionally, especially if I'm on the road. I use this as a bounce point to get to "secured" systems which only allow ssh from certian IP's. (Ignoring the discussion on spoofing, since we have host keys) But host keys are the problem. If anyone gets root on this hypothetical

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

Here's our situation. Two hosts, s1, s2, each with its own key. Domain name foo is aliased to either s1 or s2 (each with its own fixed IP address), depending on which is working correctly at any given time. The known_hosts(5) man page, when it comes into existence, should explain how I would express that the ip-address/key pair from either s1 or s2 is acceptable when connecting to foo.

Hey folks-- When ssh creates a known_hosts file for a user, it disregards the currently-set umask, and can actually turn on mode bits that the user has explicitly masked. While i'm happy to have ssh make files *more* secure than my umask (in situations where that's reasonable, like the creation of new ssh keys, etc), i'm not sure that i see the point in ssh making the files more open

http://bugzilla.mindrot.org/show_bug.cgi?id=393 Summary: 'known_hosts' file should be indexed by IP:PORT, not just IP Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Matthieu Herrb wrote: > > > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > > > On Sun, 4 Oct 2020, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration

https://bugzilla.mindrot.org/show_bug.cgi?id=2738 Bug ID: 2738 Summary: UpdateHostKeys does not check keys in secondary known_hosts files Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh

I recently upgraded all my boxes to 2.5.1p1 (it was a convenient opportunity to get rid of a lot of versions all floating around ...) I used the RPM for RH 6.2 from openssh.com. We have an openssl RPM, that I think I got from openssh.com too (but that was a while ago :) ) - openssl-0.9.5a-2 I am seeing a problem, when ssh'ing from a redhat 6.2 box to a host that is not in a user's

https://bugzilla.mindrot.org/show_bug.cgi?id=2560 Bug ID: 2560 Summary: sshd: Description of hashed known_hosts file does not make sense and format is outdated Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

http://bugzilla.mindrot.org/show_bug.cgi?id=523 Summary: ssh saves only host/ip information in known_hosts while port information is missing Product: Portable OpenSSH Version: 3.5p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #9 from Christoph Anton Mitterer <calestyo at scientia.net> --- (replies to all your comments in one) Hey. Sorry for the delay. (In reply to Darren Tucker from comment #5) > > $ ssh -o StrictHostKeyChecking=no someHost > > Warning: Permanently added the ECDSA host key for IP address > >

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

On 14/02/2024 11:42, Chris Green wrote: > Is there any way to remove old entries from the known_hosts file? With > the hashed 'names' one can't easily see which entries are which. I > have around 150 lines in my known hosts but in reality I only ssh to a > dozen or so systems. All the redundant ones are because I have a > mixed population of Raspberry Pis and such on

https://bugzilla.mindrot.org/show_bug.cgi?id=2169 Bug ID: 2169 Summary: command to remove outdated hostkey from known_hosts file wrong Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Bug ID: 3627 Summary: openssh 9.4p1 does not see RSA keys in know_hosts file. Product: Portable OpenSSH Version: 9.4p1 Hardware: SPARC OS: Solaris Status: NEW Severity: major Priority: P5 Component: ssh

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

Hi, for a test lab, I'm trying to write a small shell script that will eradicate all information regarding a special host from the known_hosts file. Unfortunately, it is quite non-trivial to find out what ssh doesn't like with a host. ssh says which line in known_hosts has the offending key, but ssh-keygen -R doesn't take a line number. Am I using an undocumented interface when I