Bug 1839

Summary: ssh/scp to localhost/127.0.0.1 should not update known_hosts
Product: Portable OpenSSH
Reporter: H.-Dirk Schmitt <dirk>
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME
Severity: enhancement
CC: dtucker
Priority: P2
Version: 5.3p1
Hardware: All
OS: All

Description H.-Dirk Schmitt 2010-11-22 01:03:30 AEDT
If ssh/scp is used on computers with a shared home directory the localhost key noted in ~/.ssh/known_hosts is ambiguous.

If the user first uses ssh to localhost on host A and afterwards does the same on host B, he gets an error message.

On the other hand, the host key for localhost is only a valuable security enhancement if localhost isn't bound to an uncommon IP number.
(But this should cause a lot of trouble that hits a user before.)
Comment 1 Darren Tucker 2010-11-22 11:46:45 AEDT
$ man ssh_config
[...]
NoHostAuthenticationForLocalhost
       This option can be used if the home directory is shared across
       machines.  In this case localhost will refer to a different
       machine on each of the machines and the user will get many warn-
       ings about changed host keys.  However, this option disables host
       authentication for localhost.  The argument to this keyword must
       be ``yes'' or ``no''.  The default is to check the host key for
       localhost.
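Added example, not part of the bug report or of OpenSSH: since NoHostAuthenticationForLocalhost turns the loopback check off entirely, it helps to first see which localhost entries in a shared known_hosts actually disagree with the current machine's host key. The function names, the sample file and the key blobs below are constructed for illustration; the check covers default-port entries only and does not expand wildcard patterns.

```python
import base64, hashlib, hmac

LOOPBACK_NAMES = ("localhost", "127.0.0.1", "::1")

def hashed_field(name, salt):
    """Build a HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_names_host(field, name):
    """True if a known_hosts host field (hashed or plain) names `name`."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hashed_field(name, base64.b64decode(salt_b64)))
    return name in field.split(",")   # wildcard patterns are not expanded here

def loopback_conflicts(known_hosts_text, local_keys):
    """List (line number, name, key type) for loopback entries whose key differs
    from this machine's own key; local_keys maps key type -> base64 blob,
    as read from the machine's host public key files (usually /etc/ssh/ssh_host_*_key.pub)."""
    conflicts = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":   # skip comments and @marker lines
            continue
        field, keytype, blob = parts[:3]
        if keytype not in local_keys or local_keys[keytype] == blob:
            continue
        for name in LOOPBACK_NAMES:
            if field_names_host(field, name):
                conflicts.append((lineno, name, keytype))
    return conflicts

# Constructed sample: the blobs are placeholders, not real keys.
KEY_A, KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIHOSTA", "AAAAC3NzaC1lZDI1NTE5AAAAIHOSTB"
SHARED_KNOWN_HOSTS = "\n".join([
    "# written while logged in on host A",
    "localhost,127.0.0.1 ssh-ed25519 " + KEY_A,
    hashed_field("::1", b"constructed-salt") + " ssh-ed25519 " + KEY_A,
    "build.example.org ssh-ed25519 " + KEY_B,
])

if __name__ == "__main__":
    # Run on host B, whose own key is KEY_B: every loopback entry is stale.
    for hit in loopback_conflicts(SHARED_KNOWN_HOSTS, {"ssh-ed25519": KEY_B}):
        print("line %d: %s has a different %s key" % hit)
```

An empty result means the stored loopback keys already match this machine, so the warning described in the bug would not appear here.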
Comment 2 Damien Miller 2011-01-24 12:33:29 AEDT
Move resolved bugs to CLOSED after 5.7 release