[Bug 2742] New: Improve -R option, allow to purge all similar keys

bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 12 01:29:47 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2742

            Bug ID: 2742
           Summary: Improve -R option, allow to purge all similar keys
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mindrot at dstoecker.de

When a server key has changed, OpenSSH prints a warning that the key has
changed and also prints a command line to purge the old key from
known_hosts when the change is correct.

This command line only ever purges the key for the hostname you are
currently trying.

But there are usually at least two entries - one for the host and one
for the IP. For dual stack there are at least 3. For dynamic IP there
may be hundreds.

It's a lot of manual work to find all the other keys and purge them as
well.

It would be very nice if the -R command would simply ask whether any key
with the same key data should be purged as well (together with the
number of entries). That would speed up the cleanup process a lot.

P.S. It would also be a good idea if I could tell SSH not to make
the automatic IP-based entries for certain (dynamic IP) hosts.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
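
The lookup the report asks for, as an added Python example (not part of the original report and not OpenSSH code): it finds every known_hosts line that carries the same key data as a given host's entry, including hashed (HashKnownHosts) entries, so the list and count can be reviewed before anything is removed. The function names and the sample file are constructed for illustration, and host matching is by exact name only (no wildcard, negation or `[host]:port` handling).

```python
import base64, hashlib, hmac

def hashed(name, salt):
    """HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample; the key blobs are placeholders, not real keys.
OLD = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9MRC1LRVktUExBQ0VIT0xERVI"
OTHER = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9USEVSLUtFWS1QTEFDRUhPTERFUg"
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "host.example.org " + OLD,                                   # line 2: hostname
    "192.0.2.10 " + OLD,                                         # line 3: IPv4
    "2001:db8::10 " + OLD,                                       # line 4: IPv6
    hashed("203.0.113.7", b"constructed-salt-20b") + " " + OLD,  # line 5: hashed old IP
    "other.example.org " + OTHER,                                # line 6: unrelated host
    "@cert-authority *.example.org " + OTHER,                    # line 7: marker line
]) + "\n"

def parse_line(line):
    """Return (marker, hosts, keytype, blob), or None for blank/comment/short lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    marker = parts.pop(0) if parts[0].startswith("@") else None
    return (marker, *parts[:3]) if len(parts) >= 3 else None

def host_matches(hosts, name):
    """Exact-name match for plain (comma-separated) and hashed host fields."""
    if hosts.startswith("|1|"):
        _, _, salt, digest = hosts.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return name in hosts.split(",")

def same_key_entries(text, name):
    """(line_no, hosts) of every plain entry whose key data equals that of `name`."""
    rows = [(n, parse_line(l)) for n, l in enumerate(text.splitlines(), 1)]
    rows = [(n, e) for n, e in rows if e and e[0] is None]  # skip @cert-authority/@revoked
    wanted = {e[2:] for _, e in rows if host_matches(e[1], name)}
    return [(n, e[1]) for n, e in rows if e[2:] in wanted]

def purge(text, line_numbers):
    """Return text without the given 1-based lines (caller confirms the list first)."""
    drop = set(line_numbers)
    return "".join(l for n, l in enumerate(text.splitlines(True), 1) if n not in drop)
```

Calling `same_key_entries(SAMPLE, "host.example.org")` returns the hostname, both IP entries and the hashed entry; passing those line numbers to `purge` leaves only the comment, the unrelated host and the `@cert-authority` line.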

