Displaying 20 results from an estimated 4000 matches similar to: "known_hosts question for Ubuntu Server 14.04 and 16.04 LTS"
2013 May 14
2
[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
alex at testcore.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alex at testcore.net
Version|5.9p1 |6.2p1
--- Comment #1 from alex at testcore.net ---
Also
2024 Feb 17
1
How to remove old entries from known_hosts?
Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members,
just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs?
Google tells about, how to add hosts, but not the opposite, may be I miss some thing.
Is this does not work at all, is there a best practice for cleaning old hosts and keys out?
Thanks, Martin!
--
Martin
GnuPG Key Fingerprint, KeyID
2024 Feb 14
2
How to remove old entries from known_hosts?
Is there any way to remove old entries from the known_hosts file? With
the hashed 'names' one can't easily see which entries are which. I
have around 150 lines in my known hosts but in reality I only ssh to a
dozen or so systems. All the redundant ones are because I have a
mixed population of Raspberry Pis and such on my LAN and they get
rebuilt fairly frequently and thus, each time,
2011 Apr 08
1
Host selection in ssh_config
Hello there,
I'm a little afraid of writing here, hope I don't make any mistake doing
so. I'm trying for days and searching the web too, but no obvious
solution, no reply from the specialized forum I wrote in.
Here is the situation:
I would like to have a lighter security inside our domain, without
changing when going outside. By "lighter security" I mean at least, no
2011 Jan 24
1
ECDSA and first connection; bug?
Folks,
I read the 5.7 release announcement and updated, to try out ECDSA. Most
parts worked very smoothly. The inability to create SSHFP records is
understandable, since IANA haven't allocated a code yet.
One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA.
% ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost
2024 Feb 14
1
How to remove old entries from known_hosts?
On 14/02/2024 11:42, Chris Green wrote:
> Is there any way to remove old entries from the known_hosts file? With
> the hashed 'names' one can't easily see which entries are which. I
> have around 150 lines in my known hosts but in reality I only ssh to a
> dozen or so systems. All the redundant ones are because I have a
> mixed population of Raspberry Pis and such on
2015 Apr 22
2
shared private key
Hi SSH-devs,
This may be a bit off topic for this list, but....
Would it be ok to share a private key in an installer script so long
as the corresponding public key is setup like this...
command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA...
I'm looking for a secure way to get a user to share their public key
through SSH which can be invoked from an installer on another
host...for
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> On 18/8/23 15:39, Darren Tucker wrote:
[...]
> > I think you just need "HostKeyAlias mytarget" here.
>
> Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
> change logs seem to indicate this feature has been around since at least
> 2017, so should not cause
2020 Sep 29
2
Human readable .ssh/known_hosts?
On 29.09.20 12:44, Damien Miller wrote:
> On Tue, 29 Sep 2020, Martin Drescher wrote:
>
>> Hi list members,
[...]> You can however find and delete hosts by name using ssh-keygen.
>
> To find entries matching a hostname, use "ssh-keygen -F hostname", e.g.
The point is, file has over 600 hashes stored.
> $ ssh-keygen -lF haru.mindrot.org
> # Host
2006 Feb 04
2
[PATCH] allow user to update changed key in known_hosts
Hi list,
I use ssh a lot and I often need to connect to hosts whose host key has
changed. If a host key of the remote host changes ssh terminates and the
user has to manually delete the offending host key from known_hosts. I
had to do this so many times that I no longer like the idea ;-)
I would really like ssh to ask me if the new host key is OK and if I
want to add it to known_hosts.
I talked
2002 Feb 19
2
hostkey checking
Hi!
Is it somehow possible to disable the known_hosts checking for some hosts?
The StrictHostKeyChecking affects only the asking about new computers, but
doesn't affect the changed ones.
I need it for the test computers, which are reinstalled twice/hour and
I really don't like editing .ssh/known_hosts each time :-(
Thanks
Michal
2002 Jan 10
4
Potential SSH2 exploit
I just noticed (at least on OpenSSH 3.0p1) that even though I have both RSA
and DSA keys available in sshd_config on a server, only a ssh-rsa line
shows up in known_hosts on the client side, not a ssh-dss line (that
priority may come from the fact that my RSA key is listed before my DSA key
in sshd_config). If I comment out the RSA key in sshd_config and restart
the server, then the next time the
2009 Feb 16
1
StrictHostKeyChecking is being ignored
ssh -oStrictHostKeyChecking=no scrub
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just
2020 Oct 30
3
[Bug 3226] New: Feature request: Prempt fingerprint prompt when connecting to new server
https://bugzilla.mindrot.org/show_bug.cgi?id=3226
Bug ID: 3226
Summary: Feature request: Prempt fingerprint prompt when
connecting to new server
Product: Portable OpenSSH
Version: 8.4p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2015 Aug 26
5
Disabling host key checking on LAN
If I want to specify for LAN addresses that I don't want to deal with host
keys, how do I do that? Understanding the risks, knowing almost everyone
will say not to do this - it's a horrible idea, but deciding I want to do
it anyway. Tired of having to remove entries from known_hosts with the
multiple VM's I have that often change fingerprints, and am willing to live
with the risks.
2003 Oct 20
12
[Bug 747] host authentication requires RSA1 keys
http://bugzilla.mindrot.org/show_bug.cgi?id=747
Summary: host authentication requires RSA1 keys
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2019 Mar 15
4
prompt to update a host key
On 03/15/2019 12:49 AM, Jeremy Lin wrote:
> [...] connecting to hosts where the host key
> changes frequently. I realize this is a fairly niche use case [...]
Doesn't StrictHostKeyChecking=no do what is wanted?
2015 May 18
32
[Bug 2400] New: StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Bug ID: 2400
Summary: StrictHostKeyChecking=no behaviour on HOST_CHANGED is
excessively insecure
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2003 Jun 20
1
[PATCH] accepting changed hostkeys
Hi,
I often change the machines (and thus the hostkeys) that are on a IP (a
service environment with a IP assinged for the machine to test).
So every time I want to connect to a new machine I have to delete the previous
key from the known_hosts file.
Since I got tired of running a remove script manually, I made this small patch
which adds the possibility to replace the real key with the