similar to: [Bug 2169] New: command to remove outdated hostkey from known_hosts file wrong

https://bugzilla.mindrot.org/show_bug.cgi?id=2631 Bug ID: 2631 Summary: Hostkey update and rotation - No IP entries added to known_hosts Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1988 Bug #: 1988 Summary: ControlPersist causes stderr to be left open until the master connection times out Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: normal

Hi! Is it somehow possible to disable the known_hosts checking for some hosts? The StrictHostKeyChecking affects only the asking about new computers, but doesn't affect the changed ones. I need it for the test computers, which are reinstalled twice/hour and I really don't like editing .ssh/known_hosts each time :-( Thanks Michal

Hello All, I have a client-server setup with about 100 nodes. We often install the OS and this results in change of host keys in our server. This necessiates the need to update all known_hosts files in the client machines. Im using the VerifyHostKeyDNS option in the client side where the DNS is updated with new finger print each time we change the host key. But still the SSH client verifies

https://bugzilla.mindrot.org/show_bug.cgi?id=3221 Bug ID: 3221 Summary: hostkey preference ordering is broken in some situations Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2560 Bug ID: 2560 Summary: sshd: Description of hashed known_hosts file does not make sense and format is outdated Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, is there any way to use hostbased authentication without the need to have the SSH host keys stored in a known_hosts file? We run a large cluster where we need to have passwordless remote login available. We currently do that with hostbased SSH authentication. But it is error-prone and a lot of work to keep the known_hosts file up to date on all hosts. (This is the same situation like DNS vs

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #9 from Christoph Anton Mitterer <calestyo at scientia.net> --- (replies to all your comments in one) Hey. Sorry for the delay. (In reply to Darren Tucker from comment #5) > > $ ssh -o StrictHostKeyChecking=no someHost > > Warning: Permanently added the ECDSA host key for IP address > >

On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote: > As I understand this option, it does not help at all with the nearly > inevitable re-use of the same IP address for a different host with a > different hostkey in, for example, a modest DHCP based environment. > Such environments are common both in smaller, private networks and in > large public networks, and it's perhaps

On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote: [...] > I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if > servers are DHCP distributed without static IP addresses they can wind > up overlapping IP addresses with mismatched hostkeys You can set CheckHostIP=no in your config. As long as the names don't change it'll do what you

https://bugzilla.mindrot.org/show_bug.cgi?id=3157 Bug ID: 3157 Summary: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority:

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #5 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Christoph Anton Mitterer from comment #4) > Hi guys. > > With version: 6.7p1 > > > Regarding my initial report: > > It *still* happens, that SSH automatically adds a key, i.e.: > $ echo > ~/.ssh/known_hosts > $ ssh -o

http://bugzilla.mindrot.org/show_bug.cgi?id=910 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #954 is|0 |1 obsolete| | Attachment #1052 is|0 |1 obsolete|

Hello & thanks for reading. I'm having a problem configuring known_hosts from scripts so an accept key yes/no prompt doesn't appear. I'm using this command to detect if the server is known and add it to known_hosts: if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; t hen ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi This works

Hello, I am trying to get rsync-3.0.0pre10 --iconv option working between two linux hosts in local network. The client host is running Fedora Core 4 (kernel 2.6.17) and is using iso8859-1 character set. LANG=en_US The daemon host is running Centos 5 (kernel 2.6.18) and is using utf-8 character set. LANG=en_US.UTF-8 Rsync is transferring files properly without --iconv switch: fc4: (connected

https://bugzilla.mindrot.org/show_bug.cgi?id=1993 --- Comment #8 from Damien Miller <djm at mindrot.org> --- The hostkeys-00 at openssh.com extension has to be explicitly enabled via UpdateHostKeys=yes|ask The OP's question is the CheckHostIP option updating addresses for hostnames it already knows about. We could probably clarify the documentation for this behaviour, but if you want

Hey folks-- When ssh creates a known_hosts file for a user, it disregards the currently-set umask, and can actually turn on mode bits that the user has explicitly masked. While i'm happy to have ssh make files *more* secure than my umask (in situations where that's reasonable, like the creation of new ssh keys, etc), i'm not sure that i see the point in ssh making the files more open

https://bugzilla.mindrot.org/show_bug.cgi?id=1654 Summary: ~/.ssh/known_hosts.d/* Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: josh at

Hi list members, just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs? Google tells about, how to add hosts, but not the opposite, may be I miss some thing. Is this does not work at all, is there a best practice for cleaning old hosts and keys out? Thanks, Martin! -- Martin GnuPG Key Fingerprint, KeyID

http://bugzilla.mindrot.org/show_bug.cgi?id=910 Summary: known_hosts port numbers Product: Portable OpenSSH Version: 3.7.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: devin.nate at