Bug 1449 - ssh does not give option to trust on changed keys
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 4.7p1
Hardware: All Linux
Importance: P2 trivial
Assignee: Assigned to nobody
Reported: 2008-03-20 03:02 AEDT by Nicolas Valcárcel
Modified: 2008-07-22 12:21 AEST
Description Nicolas Valcárcel 2008-03-20 03:02:10 AEDT
When we reinstall a machine we used to enter via ssh, or change the IP of a hostname, ssh doesn't allow us to log into the machine, saying the key has changed; then we need to edit the .ssh/known_hosts file by hand and remove the entry for this host. Ssh should warn the user that the host key has changed and give the option to allow the connection and automatically edit that file.
Comment 1 Darren Tucker 2008-03-20 07:18:54 AEDT
1) You can save and restore the keys when you reinstall (useful particularly if you have many clients).

2) See CheckHostIP in ssh_config(5) for the case where the address changes.

3) You can use "ssh-keygen -R hostname" to delete an entry from known_hosts rather than hand-editing.
Comment 2 Damien Miller 2008-06-12 17:37:28 AEST
This is quite deliberate: we want explicit user interaction to force a changed key. You can use "ssh-keygen -R [hostname]" to automate the actual removal, but we need users to *think about it*.

This will not be changing.
Comment 3 Damien Miller 2008-07-22 12:21:34 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1
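
The following is an added example, not part of the bug thread or of the OpenSSH code base. It shows the check that the manual removal step in comments 1 and 2 leaves to the user: a host's stale known_hosts entries are replaced only when the offered key's fingerprint equals one obtained out of band. The function names, the host name build01.example and the key blobs are constructed for illustration, and host matching covers exact and hashed names only.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, formatted as ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a hashed (|1|salt|hmac) or plain comma-list host field; exact names only."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def replace_host_key(known_hosts, host, offered_line, expected_fp):
    """Replace host's entries only if the offered key matches expected_fp,
    a fingerprint the operator obtained out of band (e.g. from the console)."""
    _, keytype, key_b64 = offered_line.split()[:3]
    actual = fingerprint(key_b64)
    if actual != expected_fp:
        raise ValueError(f"{host}: offered {actual}, expected {expected_fp}")
    kept = []
    for line in known_hosts.splitlines():
        fields = line.split()
        is_entry = len(fields) >= 3 and not line.startswith(("#", "@"))
        if is_entry and host_matches(fields[0], host):
            continue  # drop every stale key for the host, as ssh-keygen -R does
        kept.append(line)  # comments, @markers and other hosts are untouched
    kept.append(f"{host} {keytype} {key_b64}")
    return "\n".join(kept) + "\n"

def sample_blob(fill):
    """Constructed ssh-ed25519 blob for the demo, not a real host key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    old, new = sample_blob(1), sample_blob(2)
    known = f"build01.example ssh-ed25519 {old}\nother.example ssh-ed25519 {old}\n"
    offered = f"build01.example ssh-ed25519 {new}"
    print(replace_host_key(known, "build01.example", offered, fingerprint(new)))
    try:  # a key that does not match the out-of-band fingerprint is refused
        replace_host_key(known, "build01.example", offered, fingerprint(old))
    except ValueError as err:
        print("refused:", err)
```

Here `offered_line` uses the `host keytype key` layout that ssh-keyscan prints.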