Bug 1449

Summary: ssh does not give option to trust on changed keys
Product: Portable OpenSSH
Component: ssh
Reporter: Nicolas Valcárcel <nicolas.valcarcel>
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: trivial
Priority: P2
CC: djm, dtucker, nicolas.valcarcel
Version: 4.7p1
Hardware: All
OS: Linux

Description Nicolas Valcárcel 2008-03-20 03:02:10 AEDT
When we reinstall a machine we used to enter via ssh, or change the IP of a hostname, ssh doesn't allow us to log into the machine, saying the key has changed; we then need to edit the .ssh/known_hosts file by hand and remove the entry for this host. Ssh should warn the user that the host key has changed and give the option to allow the connection and automatically edit that file.
Comment 1 Darren Tucker 2008-03-20 07:18:54 AEDT
1) You can save and restore the keys when you reinstall (useful particularly if you have many clients).

2) See CheckHostIP in ssh_config(5) for the case where the address changes.

3) You can use "ssh-keygen -R hostname" to delete an entry from known_hosts rather than hand-editing.
Comment 2 Damien Miller 2008-06-12 17:37:28 AEST
This is quite deliberate; we want explicit user interaction to force a changed key. You can use "ssh-keygen -R [hostname]" to automate the actual removal, but we need users to *think about it*.

This will not be changing.
Comment 3 Damien Miller 2008-07-22 12:21:34 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1
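
The check that Comments 1 and 2 leave to the user can be scripted: the sketch below is an added example, not part of the bug thread and not OpenSSH code. It reads known_hosts entries (plain and hashed) and accepts a changed key only when its SHA256 fingerprint equals one obtained out of band. The function names, host names and key bytes are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field, plain or hashed (|1|salt|HMAC-SHA1)."""
    if field.startswith("|1|"):
        salt, mac = (base64.b64decode(p) for p in field[3:].split("|"))
        return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), mac)
    return host in field.split(",")  # wildcard patterns are not handled here

def stored_keys(known_hosts, host):
    """(keytype, key) pairs recorded for host; comments and @marker lines are skipped."""
    keys = []
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0][0] not in "#@" and host_matches(parts[0], host):
            keys.append((parts[1], parts[2]))
    return keys

def verdict(known_hosts, host, keytype, key_b64, verified_fp=None):
    """Decide what to do with the key a host presents.
    verified_fp: fingerprint obtained out of band (console, inventory), or None."""
    known = stored_keys(known_hosts, host)
    if (keytype, key_b64) in known:
        return "unchanged"
    if verified_fp is not None and fingerprint(key_b64) == verified_fp:
        return "replace" if known else "add"  # "replace": run ssh-keygen -R first
    return "reject"  # changed or unknown key with no matching verified fingerprint

# Constructed sample data: arbitrary bytes stand in for real host key blobs.
OLD = base64.b64encode(b"constructed-old-host-key").decode()
NEW = base64.b64encode(b"constructed-new-host-key").decode()
_salt = b"constructed-salt-val"
_mac = hmac.new(_salt, b"db.example.test", hashlib.sha1).digest()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "web.example.test,192.0.2.10 ssh-ed25519 " + OLD,
    "|1|%s|%s ssh-ed25519 %s" % (base64.b64encode(_salt).decode(),
                                 base64.b64encode(_mac).decode(), OLD),
])

if __name__ == "__main__":
    for fp in (None, fingerprint(NEW)):
        print(fp, "->", verdict(KNOWN_HOSTS, "web.example.test", "ssh-ed25519", NEW, fp))
```

A "replace" verdict is the point at which `ssh-keygen -R hostname` from Comment 1 is appropriate; "reject" means the old entry stays in place.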