[Bug 2241] New: ssh-keygen -R removes matching key as well as @cert-authority
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu May 8 23:13:19 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2241
Bug ID: 2241
Summary: ssh-keygen -R removes matching key as well as
@cert-authority
Product: Portable OpenSSH
Version: 6.6p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: mlindgren at runelind.net
I have confirmed this behavior from OpenSSH 6.6 in OS X (from MacPorts)
and 6.6 in Ubuntu. I have set up a SSH Certificate authority, and as
such I put in the following line at the top of my known_hosts file
@cert-authority *.mydomain.com ssh-rsa <public key>
Below this are all my hashed entries for various other hosts that I've
contacted over the years.
If I do ssh-keygen -R <ip> it has the unintended consequence of
matching on the offending entry in the known_hosts file *and* my
cert-authority entry:
$ ssh-keygen -R 10.50.3.149
# Host 10.50.3.149 found: line 1 type RSA <--This is my cert-authority
# Host 10.50.3.149 found: line 512 type ECDSA
/Users/mlindgren/.ssh/known_hosts updated.
Original contents retained as /Users/mlindgren/.ssh/known_hosts.old
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list