We are all familiar with the old routine, $ ssh ... Warning: the ECDSA host key for 'ssh.example.org' differs from the key for the IP address '164.190.144.253' Offending key for IP in /home/jidanni/.ssh/known_hosts:20 Matching host key in /home/jidanni/.ssh/known_hosts:30 $ ed /home/jidanni/.ssh/known_hosts 11098 20d w 10656 q $ ssh ... Warning: Permanently added the ECDSA host key for IP address '64.90.44.253' to the list of known hosts. Well I have a new idea! At the end of the initial warning just add "... or if you are really sure, just use --fix-up-the-mess to fix up the mess" and then all the user would need to do is one $ ssh --fix-up-the-mess ... and voila, the mess is all fixed up! Even no one-time "Permanently added..." message! (Of course please choose a better name than --fix-up-the-mess.) Thanks! https://github.com/libssh2/libssh2/issues/300 = former bug address.
Fortunately, OpenSSH has long supported almost what you want in the form of the "ssh-keygen -R" option and the (as of the forthcoming openssh-8.2 release) on-by-default UpdateKnownHosts option. We don't plan on implementing any further offline modes as they cannot operate reliably.
closing resolved bugs as of 8.6p1 release