[Bug 2145] New: ssh-keygen -R doesn't work when there are entries for "proxycommand" keys

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 29 06:29:31 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2145

            Bug ID: 2145
           Summary: ssh-keygen -R doesn't work when there are entries for
                    "proxycommand" keys
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: hugh at davenport.net.nz

I can't seem to reproduce the same style entry, but below is snippets
that should show what is wrong.

Basically the gist is that example.com is in known hosts, and is a hop
point for a proxycommand for foo.example.com which has a explicit
hostname of an ip address. I tried to recreate it, but my current
version of ssh automatically puts the hashed host entry, not the ip,<no
hostip...> entry. They probably came from an earlier version of ssh.

$ ssh-keygen -f "/home/hdavenport/.ssh/known_hosts" -R example.com
# Host example.com found: line 1 type RSA
line 2 invalid key: 192.168.x.x,<no...
/home/hdavenport/.ssh/known_hosts is not a valid known_hosts file.
Not replacing existing known_hosts file because of errors
$ cat /home/hdavenport/.ssh/known_hosts
|1|hosthash ssh-rsa keyhash
192.168.x.x,<no hostip for proxy command> ssh-rsa keyhash
$ cat /home/hdavenport/.ssh/config
host foo.example.com
  proxycommand ssh -q example.com nc -q0 %h %p
  hostname 192.168.x.x

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list