1449 – ssh does not give option to trust on changed keys

Bug 1449 - ssh does not give option to trust on changed keys

Summary: ssh does not give option to trust on changed keys

Status:	CLOSED WONTFIX

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	4.7p1
Hardware:	All Linux

Importance:	P2 trivial
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-03-20 03:02 AEDT by Nicolas Valcárcel
Modified:	2008-07-22 12:21 AEST (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nicolas Valcárcel 2008-03-20 03:02:10 AEDT

When we reinstall a machine we used to enter via ssh, or change the ip of a hostname ssh doesn't allow us to log into the machine saying the key has change, then we need to edit the .ssh/known_hosts files by hand and remove the entry of this host. Ssh should warn the user that the host key has changed and give the option to allow the connection and automatically edit that file.

Comment 1 Darren Tucker 2008-03-20 07:18:54 AEDT

1) you can save and restore the keys when you reinstall (useful particularly if you have many clients).

2) See CheckHostIP in ssh_config(5) for the case where the address changes.

3) you can use "ssh-keygen -R hostname" to delete an entry from known_hosts rather than hand-editing.

Comment 2 Damien Miller 2008-06-12 17:37:28 AEST

This is quite deliberate, we want explicit user interaction to force a changed key. You can use "ssh-keygen -R [hostname]" to automate the actual removal, but we need users to *think about it*.

This will not be changing.

Comment 3 Damien Miller 2008-07-22 12:21:34 AEST

Mass update RESOLVED->CLOSED after release of openssh-5.1