Bug 1209 - StrictHostKeyChecking really needs a 4th option
Summary: StrictHostKeyChecking really needs a 4th option
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 4.3p2
Hardware: All All
: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-13 03:22 AEST by Tom Horsley
Modified: 2008-07-22 12:08 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tom Horsley 2006-07-13 03:22:36 AEST 
I'd love to have something like an "update-anyway" option for
StrictHostKeyChecking that is like "ask", but if the key has changed
gives you the option of going ahead and replacing the old host key
with the new one.

Folks are constantly re-genning test systems around here and never
bother to save and restore the keys in /etc/ssh, so I'm constantly
forced to manually edit my known_hosts file. It would simplify things
if I could just tell ssh to go ahead and edit it for me.
Comment 1 Damien Miller 2008-06-12 17:03:20 AEST 
You can achieve this effect with UserKnownHostFile=/dev/zero

We do not want to facilitate unsafe behaviour by providing an explicit option.

Sorry.
Comment 2 Damien Miller 2008-07-22 12:08:50 AEST 
Mass update RESOLVED->CLOSED after release of openssh-5.1