Bug 2983

Summary: Add --fix-up-the-mess to fix up Offending key warnings for the user in one quick step!
Product: Portable OpenSSH
Reporter: Dan Jacobson <jidanni>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME
Severity: enhancement
CC: djm
Priority: P5
Version: 7.9p1
Hardware: Other
OS: Linux

Description Dan Jacobson 2019-03-16 22:39:50 AEDT
We are all familiar with the old routine,

$ ssh ...
Warning: the ECDSA host key for 'ssh.example.org' differs from the key for the IP address '164.190.144.253'
Offending key for IP in /home/jidanni/.ssh/known_hosts:20
Matching host key in /home/jidanni/.ssh/known_hosts:30

$ ed  /home/jidanni/.ssh/known_hosts
11098
20d
w
10656
q

$ ssh ...
Warning: Permanently added the ECDSA host key for IP address '64.90.44.253' to the list of known hosts.

Well, I have a new idea!

At the end of the initial warning just add
"... or if you are really sure, just use --fix-up-the-mess to fix up the mess"
and then all the user would need to do is one
$ ssh --fix-up-the-mess ...
and voila, the mess is all fixed up! Even no one-time "Permanently added..." message!

(Of course please choose a better name than --fix-up-the-mess.) Thanks!
https://github.com/libssh2/libssh2/issues/300 = former bug address.

Comment 1 Damien Miller 2020-01-25 23:42:21 AEDT
Fortunately, OpenSSH has long supported almost what you want in the form of the "ssh-keygen -R" option and the (as of the forthcoming openssh-8.2 release) on-by-default UpdateKnownHosts option.

We don't plan on implementing any further offline modes as they cannot operate reliably.
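
The warning in the description pairs an "Offending key for IP" line with a "Matching host key" line. As an added example (not from the bug report or the OpenSSH project), this Python script locates such offending IP entries by name instead of by line number, including hashed `|1|salt|hash` entries. Assumptions: it matches exact names only and skips `@` marker lines, and the sample file, salt and key blobs are constructed.

```python
import base64, hashlib, hmac

def hashed(name, salt=b"constructed-salt-20b"):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, name):
    """True if a known_hosts host field (comma list or hashed) names `name` exactly."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in field.split(",")

def entries_for(text, name):
    """Yield (line_no, key_type, key_blob) for each plain entry naming `name`."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], name):
            yield no, fields[1], fields[2]

def offending_ip_lines(text, host, ip):
    """Lines where `ip` has a key of a type `host` also has, but a different key."""
    trusted = {(t, k) for _, t, k in entries_for(text, host)}
    types = {t for t, _ in trusted}
    return [no for no, t, k in entries_for(text, ip)
            if t in types and (t, k) not in trusted]

# Constructed sample: key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hashed("164.190.144.253") + " ecdsa-sha2-nistp256 AAAA_OLD_PLACEHOLDER",
    "ssh.example.org ecdsa-sha2-nistp256 AAAA_NEW_PLACEHOLDER",
    "other.example.org,164.190.144.253 ssh-ed25519 AAAA_OTHER_PLACEHOLDER",
])

if __name__ == "__main__":
    for no in offending_ip_lines(SAMPLE, "ssh.example.org", "164.190.144.253"):
        print("offending key for IP at line", no)
```

Once the stale entry is confirmed, the removal itself is done with `ssh-keygen -R 164.190.144.253`, the option named in Comment 1, which also matches hashed entries.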

Comment 2 Damien Miller 2021-04-23 14:56:29 AEST
closing resolved bugs as of 8.6p1 release