Bug 1839 - ssh/scp to localhost/127.0.0.1 should not update known_hosts
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous
Version: 5.3p1
Hardware: All All
Importance: P2 enhancement
Assignee: Assigned to nobody
Reported: 2010-11-22 01:03 AEDT by H.-Dirk Schmitt
Modified: 2011-01-24 12:33 AEDT

Description H.-Dirk Schmitt 2010-11-22 01:03:30 AEDT
If ssh/scp is used on computers with a shared home directory the localhost key noted in ~/.ssh/known_hosts is ambiguous.

If the user first uses ssh to localhost on host A and afterwards does the same on host B, he gets an error message.

On the other side, the host key for localhost is only a valuable security enhancement if localhost isn't bound to an uncommon IP number.
(But this should cause a lot of troubles that hit a user before.)
Comment 1 Darren Tucker 2010-11-22 11:46:45 AEDT
$ man ssh_config
[...]
NoHostAuthenticationForLocalhost
       This option can be used if the home directory is shared across
       machines.  In this case localhost will refer to a different
       machine on each of the machines and the user will get many warn-
       ings about changed host keys.  However, this option disables host
       authentication for localhost.  The argument to this keyword must
       be ``yes'' or ``no''.  The default is to check the host key for
       localhost.
Comment 2 Damien Miller 2011-01-24 12:33:29 AEDT
Move resolved bugs to CLOSED after 5.7 release
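
Added example, not part of the bug report or of OpenSSH: a small audit that lists the loopback entries in a shared known_hosts file and flags key types for which they carry more than one distinct key, which is the ambiguity the report describes. The function names and the sample file are constructed for illustration; hashed entries are assumed to use the HashKnownHosts layout |1|base64(salt)|base64(HMAC-SHA1(salt, hostname)).

```python
import base64
import hashlib
import hmac
from collections import defaultdict

LOOPBACK_NAMES = ("localhost", "127.0.0.1", "::1")

def hash_host(name, salt):
    """Build a HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def loopback_name(field):
    """Return the loopback name one host field refers to, or None."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return next((n for n in LOOPBACK_NAMES if hash_host(n, salt) == field), None)
    if field.startswith("["):  # "[host]:port" form used for non-default ports
        field = field[1:].split("]", 1)[0]
    return field if field in LOOPBACK_NAMES else None

def loopback_entries(text):
    """Return (line number, loopback name, key type, key blob) per matching host
    field; blank lines, comments and @cert-authority/@revoked lines are skipped."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        for field in parts[0].split(","):
            name = loopback_name(field)
            if name:
                found.append((lineno, name, parts[1], parts[2]))
    return found

def ambiguous_key_types(text):
    """Key types for which loopback names map to more than one distinct key."""
    keys = defaultdict(set)
    for _, _, keytype, blob in loopback_entries(text):
        keys[keytype].add(blob)
    return sorted(t for t, blobs in keys.items() if len(blobs) > 1)

# Constructed sample: a shared known_hosts written from hosts A and B; key blobs are placeholders.
SAMPLE = "\n".join([
    "# shared home directory",
    "localhost ssh-ed25519 PLACEHOLDER-KEY-HOST-A",
    hash_host("127.0.0.1", b"constructed-salt-20b") + " ssh-ed25519 PLACEHOLDER-KEY-HOST-B",
    "[localhost]:2222 ssh-rsa PLACEHOLDER-KEY-HOST-A-RSA",
    "build.example.org,192.0.2.10 ssh-ed25519 PLACEHOLDER-KEY-BUILD",
])
```

On the sample, the plain `localhost` entry and the hashed `127.0.0.1` entry both name the local machine but carry different ssh-ed25519 keys, so that key type is reported as ambiguous. Setting NoHostAuthenticationForLocalhost to yes avoids the resulting warnings at the cost the man page states: host authentication for localhost is disabled.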