similar to: UpdateHostkeys now enabled by default

Displaying 20 results from an estimated 5000 matches similar to: "UpdateHostkeys now enabled by default"

2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa an ed25519 keys in my existing > known_hosts (but apparently ed25519 keys where added only for the name > previsously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the
2020 Oct 04
3
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Matthieu Herrb wrote: > > > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > > > On Sun, 4 Oct 2020, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Damien Miller wrote: > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > Does your configuration override CheckHostIP at all? No. > > > > What are the known_hosts entries for the hostname and IP? > > Also, do you use HashKnownHosts? or do
2020 Feb 06
2
Call for testing: OpenSSH 8.2
On Wed, 5 Feb 2020, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > * sshd(8): allow the UpdateHostKeys feature to function when > > multiple known_hosts files are in use. When updating host keys, > > ssh will now search subsequent known_hosts files, but will add > > updated host keys to the first specified file only. bz2738 >
2024 Oct 13
1
SSH host key rotation – known_hosts file not updated
Hi, I created new host keys on serverA, updated sshd_config accordingly (adding the line below) and restarted ssh: cd /etc/ssh sudo ssh-keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' sudo vi /etc/ssh/sshd_config # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key sudo service ssh restart When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) afterwards,
2015 Feb 20
3
SUCCESS: OpenSSH_6.7p1-snap20150220
Compiled OK, and operating nicely on CentOS 6.6, both 32/64 bit. Really appreciate the UpdateHostkeys feature! One issue I noticed, the screen output gets garbled if the user has been "asked" to "Accept" the new hostkeys. Looks like the screen output is missing the CR's, and only LF's get presented. [root at be2 .ssh]# ssh be1 ls -l Warning: Permanently added
2018 Aug 11
21
[Bug 2894] New: Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes')
https://bugzilla.mindrot.org/show_bug.cgi?id=2894 Bug ID: 2894 Summary: Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes') Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Other Status: NEW Severity: enhancement
2024 Oct 14
1
Re: SSH host key rotation – known_hosts file not updated
On Sun, 13 Oct 2024, Jan Eden via openssh-unix-dev wrote: > Hi, > > I created new host keys on serverA, updated sshd_config accordingly > (adding the line below) and restarted ssh: > > cd /etc/ssh > sudo ssh-keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' > > sudo vi /etc/ssh/sshd_config > # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key >
2017 Jul 05
9
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738 Bug ID: 2738 Summary: UpdateHostKeys does not check keys in secondary known_hosts files Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The
2018 Nov 01
8
[Bug 2924] New: Order a limited host keys list in client based on the known hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2924 Bug ID: 2924 Summary: Order a limited host keys list in client based on the known hosts Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority:
2020 Oct 21
2
Future deprecation of ssh-rsa
I've expressed several concerns with enabling UpdateHostKeys by default, none of which were even commented on, so this topic seems to not be in any way open for discussion, but I'll still add one more thing here. Peter Stuge wrote: > Subject: Re: UpdateHostkeys now enabled by default > Date: Mon, 5 Oct 2020 11:22:29 +0000 .. > I do not disagree with progressive key management, we
2015 Feb 19
34
Call for testing: OpenSSH 6.8
Hi, OpenSSH 6.8 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2020 Feb 05
19
Call for testing: OpenSSH 8.2
Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2018 Apr 21
4
build-issue on AIX with openssh-7.7p1 - easy correction! included
Get the following error: root at x065:[/data/prj/openbsd/openssh/openssh-7.7p1/openbsd-compat]make ??????? xlc_r -I/opt/include -O2 -qmaxmem=-1 -qarch=pwr5 -q64 -I. -I.. -I../../src/openssh-7.7p1/openbsd-compat -I../../src/openssh-7.7p1/openbsd-compat/.. -I/opt/include -DHAVE_CONFIG_H -c ../../src/openssh-7.7p1/openbsd-compat/strndup.c
2020 Jan 11
2
interoperability issue with agent and ecdsa-sk keys
Hi, It seems that some versions of ssh-agent get confused by ECDSA-SK keys. >From my OpenBSD-current laptop, I'm trying to do remote system adminstration on a machine running Debian 8 with the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l 25 May 2017). I need access to a remote gitlab server to fetch files with git, using an ED25519 key in my ssh-agent. Once connected
2015 Feb 27
3
Call for testing: OpenSSH 6.8
Update - for AIX 6.1 TL9 - configure: creating ./config.status config.status: creating Makefile config.status: creating buildpkg.sh config.status: creating opensshd.init config.status: creating openssh.xml config.status: creating openbsd-compat/Makefile config.status: creating openbsd-compat/regress/Makefile config.status: creating survey.sh config.status: creating config.h OpenSSH has been
2018 May 25
5
Strange crypto choices
The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH prefer older and less secure
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2019 Feb 22
4
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Steps to reproduce: 1. Run a SSH server with default configuration and point a domain to it. 2. Add SSHFP record to the domain, but only for Ed25519 key. 3. Attempt to connect with VerifyHostKeyDNS set to yes, but the rest of settings set to defaults. 4. OpenSSH defaults to ECDSA instead of Ed25519 and refuses connection because there is no ECDSA fingerprint in SSHFP records. A stopgap solution