[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
bugzilla-daemon at mindrot.org
Thu May 28 16:18:22 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
--- Comment #7 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Darren Tucker from comment #6)
> Created attachment 2635 [details]
> Remove length limits on know host file name in log messages
A slightly different version of the patch has been committed and will
be in the 6.9 release.
(When I first looked at this I assumed the log message was accurate and
went looking for a truncation in the actual path name used and ended up
barking up the wrong tree.)
(In reply to Christoph Anton Mitterer from comment #4)
[..]
> It *still* happens, that SSH automatically adds a key, i.e.:
> $ echo > ~/.ssh/known_hosts
> $ ssh -o StrictHostKeyChecking=no someHost
> Warning: Permanently added the ECDSA host key for IP address
> '2e01:2a6:b9:3823::2:1' to the list of known hosts.
> (changed the IP/name for privacy reasons).
Err, that's exactly what StrictHostKeyChecking=no is supposed to do:
"If this flag is set to "no", ssh will automatically add new host keys
to the user known hosts files."
> Alex, you obviously confused the value no with yes... "no" is meant
> to automatically add the key
My thoughts exactly :-)
Assuming you meant "StrictHostKeyChecking=yes", I can imagine 2 cases
where this could be the case: the server sending you a new host key via
hostkeys-00@openssh.com as mentioned above, or adding a key for
the IP address only after having found a correct matching host key for
the name in the system-wide config. The debug output from ssh -vvv
should give a clue as to what is going on, so please attach one.
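Added example, not part of the original comment and not OpenSSH project code: a small check over `ssh -G <host>` output that reports which effective client settings can still lead to writes to the user's known_hosts file, covering the two cases named above. The option names UpdateHostKeys and CheckHostIP are real OpenSSH client options that this comment does not name; the function names, output tags and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenSSH project code). Reads `ssh -G <host>` output on
# stdin and prints one tag per effective setting that lets the client write
# to the user's known_hosts file.

known_hosts_writers() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "stricthostkeychecking" { strict = val }
        key == "updatehostkeys"        { update = val }
        key == "checkhostip"           { checkip = val }
        END {
            # Assumption: yes/no may be printed as true/false, so accept both.
            # Anything other than strict mode can add keys for unknown hosts
            # (automatically or after a prompt).
            if (strict != "" && strict != "yes" && strict != "true")
                print "new-host-keys"
            # Extra host keys offered by the server via hostkeys-00@openssh.com.
            if (update == "yes" || update == "true" || update == "ask")
                print "server-offered-keys"
            # IP address entry added once the key matched under the host name.
            if (checkip == "yes" || checkip == "true")
                print "ip-address-entry"
        }'
}

# Constructed sample resembling `ssh -G someHost` output for the case in this
# bug: strict checking on, yet an IP address entry can still be written.
sample_config() {
    cat <<'EOF'
hostname someHost
stricthostkeychecking true
updatehostkeys false
checkhostip yes
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
EOF
}

sample_config | known_hosts_writers
```

Against a real client configuration the same function is fed with `ssh -G someHost | known_hosts_writers`; no output means none of the three settings permits a write.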