| Summary: | Suppress 'Permanently added ... to known hosts' when redirecting to /dev/null | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Ben Creasy <ben> | ||||
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | trivial | CC: | djm, dtucker, kenyon | ||||
| Priority: | P5 | ||||||
| Version: | 6.8p1 | ||||||
| Hardware: | 68k | ||||||
| OS: | Mac OS X | ||||||
| Attachments: |
|
||||||
|
Description
Ben Creasy
2015-06-12 12:59:56 AEST
Well ssh *is* actually writing it, but it's being immediately discarded outside of ssh's control. You can already suppress the warning with LogLevel=ERROR as noted in those links and UserKnownHostsFile=/dev/null is a pretty poor practice anyway, so I don't think we should be doing anything to encourage it. I see what you mean, and it is true that various workarounds are suggested at http://superuser.com/questions/141344/dont-add-hostkey-to-known-hosts-for-ssh/141352#141352. In terms of what ssh is writing, I would image that ssh can figure out whether the final output is /dev/null (of course the last thing most people want is yet another optional switch). In my case I like being able to have a known_hosts file that has hosts that I expect to connect to more than once - it feels more organized. In my case, I'm sometimes starting up temporary DigitalOcean droplets for a little while to test something out and then destroying them. I'd rather not limit my logging or have to mess around with a config file when I do that. Is there a way to do this which doesn't require tweaking the config files but isn't a poor practice? Created attachment 2653 [details]
Accept UserKnownHostsFile=none
We could perhaps allow UserKnownHostsFile=none like this diff attempts
Looks like "UserKnownHostsFile none" was added back in 8.5 however it's not currently documented. We'll add this for the next release, which should fully resolve this bug. OpenSSH 9.3 has been released. Close resolved bugs |