[Bug 2742] New: Improve -R option, allow to purge all similar keys
bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 12 01:29:47 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2742
Bug ID: 2742
Summary: Improve -R option, allow to purge all similar keys
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: mindrot at dstoecker.de
When a server key has changed, OpenSSH prints a warning that the key
has changed and also prints a command line to purge the old key from
known_hosts when the change is correct.

This command line only ever purges the key for the hostname you are
currently trying.

But there usually are at least two entries - one for the host and one
for the IP. For dual stack there are at least 3. For dynamic IP there
may be hundreds.

It's a lot of manual work to find all the other keys and purge them as
well.

It would be very fine if the -R command would simply ask whether any
key with the same key data should be purged as well (together with the
number of entries). That would speed up the cleanup process a lot.

P.S. It would also be a good idea if I could tell SSH not to make the
automatic IP-based entries for certain (dynamic IP) hosts.
--
You are receiving this mail because:
You are watching the assignee of the bug.
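
An added example, not part of the bug report and not OpenSSH code: a read-only Python sketch of the lookup the report asks for, listing every known_hosts entry whose key data equals the key stored for one host, including entries hashed with HashKnownHosts. The function names and the sample data are assumptions made for illustration; wildcard host patterns are not expanded.

```python
import base64, hashlib, hmac

def hashed(host, salt=b"constructed-salt"):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # exact names only; wildcards are not expanded

def parse(lines):
    """Yield (line_number, host_field, key_type, key_blob) for plain host-key lines."""
    for number, line in enumerate(lines, 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        yield number, fields[0], fields[1], fields[2]

def same_key_entries(lines, host):
    """Return (line_number, host_field) for every entry sharing a key with `host`."""
    entries = list(parse(lines))
    stale = {(t, blob) for _, field, t, blob in entries if host_matches(field, host)}
    return [(n, field) for n, field, t, blob in entries if (t, blob) in stale]

# Constructed sample data; the key blobs are placeholders, not real keys.
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA"
KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyB"
SAMPLE = [
    "# constructed known_hosts sample",
    "server.example.org ssh-ed25519 " + KEY_A,
    "192.0.2.10 ssh-ed25519 " + KEY_A,
    hashed("2001:db8::10") + " ssh-ed25519 " + KEY_A,
    "other.example.org,192.0.2.20 ssh-ed25519 " + KEY_B,
]

if __name__ == "__main__":
    matches = same_key_entries(SAMPLE, "server.example.org")
    print("%d entries share the key of server.example.org:" % len(matches))
    for number, field in matches:
        print("  line %d: %s" % (number, field))
```

The script only reports line numbers; compare the new host key's fingerprint out of band before deleting any of the listed entries.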