[Bug 1993] New: ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
bugzilla-daemon at bugzilla.mindrot.org
Wed Mar 28 03:49:48 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
Bug #: 1993
Summary: ssh tries to add keys to ~/.ssh/known_hosts though
StrictHostKeyChecking yes is set
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: calestyo at scientia.net
Hi.
By chance I found out that, despite what ssh_config(5) says:
>StrictHostKeyChecking
> If this flag is set to “yes”, ssh(1) will never automatically add
> host keys to the ~/.ssh/known_hosts file,
it does try to add keys there, namely those for which a key is already
set in the system wide known hosts file, but only for the hostname and
not for the IP address.
It says:
Failed to add the RSA host key for IP address '129.187.131.211' to the
list of known hosts (/var/lib/nagios/.ssh/known_hos).
(btw: Notice that it cuts the file name, is this another bug?)
While CheckHostIP no prevents the above, it also means (AFAIU) that the
IP is not checked, FOR WHICH it was e.g. manually added.
Not sure whether this is a bug, or a documentation issue.... and what
the right way around is (CheckHostIP no? or UserKnownHostsFile
/dev/null ? )
Cheers,
Chris.
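
The condition the report describes (a host key listed for the hostname but not for its IP address) can be audited in a known_hosts file ahead of time. This is an added example, not part of the original report or of OpenSSH; the function names, the sample file contents and the name-to-address map are constructed assumptions.

```python
# Added example: list hosts whose key is recorded for the hostname only.
# All sample data is constructed; key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# system-wide known hosts (constructed)
host-a.example.org ssh-rsa AAAAPLACEHOLDER1
host-b.example.org,192.0.2.20 ssh-rsa AAAAPLACEHOLDER2
host-c.example.org ssh-rsa AAAAPLACEHOLDER3
192.0.2.30 ssh-dss AAAAPLACEHOLDER4
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAPLACEHOLDER5
"""
# Assumed name-to-address map (in practice taken from DNS or an inventory).
SAMPLE_RESOLVED = {
    "host-a.example.org": "192.0.2.10",
    "host-b.example.org": "192.0.2.20",
    "host-c.example.org": "192.0.2.30",
}

def parse_known_hosts(text):
    """Return ({name: {keytype, ...}}, number_of_hashed_entries)."""
    keys, hashed = {}, 0
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names, keytype = fields[0], fields[1]
        if names.startswith("|1|"):  # hashed names cannot be matched offline
            hashed += 1
            continue
        # Names are taken literally; wildcard patterns are not expanded.
        for name in names.split(","):
            keys.setdefault(name, set()).add(keytype)
    return keys, hashed

def missing_ip_entries(text, resolved):
    """Return ([(host, ip, keytype), ...], hashed_count) for keys that are
    listed under the hostname but not under the address it resolves to."""
    keys, hashed = parse_known_hosts(text)
    findings = []
    for host, ip in sorted(resolved.items()):
        for keytype in sorted(keys.get(host, ())):
            if keytype not in keys.get(ip, ()):
                findings.append((host, ip, keytype))
    return findings, hashed

if __name__ == "__main__":
    found, skipped = missing_ip_entries(SAMPLE_KNOWN_HOSTS, SAMPLE_RESOLVED)
    for host, ip, keytype in found:
        print(f"{host}: no {keytype} entry for {ip}")
    print(f"{skipped} hashed entr(ies) not checked")
```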