[Bug 3826] New: add all of the remote's keys to .known_hosts

bugzilla-daemon at mindrot.org
Sat May 24 16:22:12 AEST 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3826

            Bug ID: 3826
           Summary: add all of the remote's keys to .known_hosts
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: martin-eric.racine at iki.fi

Whenever the remote host changes the order in which it offers host
keys, the user gets the warning about a possible man-in-the-middle
attack. This could be avoided if 'ssh' added ALL of the remote's keys
at once, whenever someone types "yes", instead of assuming that only
one key can authenticate the remote correctly. Once this has been
implemented, 'ssh' could warn if any of the known keys no longer is
valid and offer to remove it.

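The comparison the report asks for, as an added example that is not part of the original report and not OpenSSH code: it classifies the keys a server offers against the known_hosts entries recorded for that host. The known_hosts content, host names and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or |1| hashed).
    Wildcard and negated patterns are not handled in this sketch."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")

def known_keys(known_hosts_text, host):
    """Return the set of (key_type, blob) pairs recorded for `host`."""
    keys = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            keys.add((fields[1], fields[2]))
    return keys

def compare(known_hosts_text, host, offered):
    """Classify offered (key_type, blob) pairs against the recorded keys."""
    known = known_keys(known_hosts_text, host)
    known_types = {t for t, _ in known}
    report = {"match": [], "new_type": [], "changed": [], "not_offered": []}
    for ktype, blob in offered:
        if (ktype, blob) in known:
            report["match"].append(ktype)       # recorded and still offered
        elif ktype in known_types:
            report["changed"].append(ktype)     # same type, different key
        else:
            report["new_type"].append(ktype)    # no key of this type recorded
    report["not_offered"] = sorted(t for t, b in known if (t, b) not in set(offered))
    return report

# Constructed sample data: the blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
# constructed known_hosts content
server.example,192.0.2.10 ssh-ed25519 BLOB-ED25519-A
server.example ssh-rsa BLOB-RSA-OLD
other.example ecdsa-sha2-nistp256 BLOB-ECDSA-X
"""
OFFERED = [("ssh-ed25519", "BLOB-ED25519-A"),
           ("ecdsa-sha2-nistp256", "BLOB-ECDSA-B"),
           ("ssh-rsa", "BLOB-RSA-NEW")]

if __name__ == "__main__":
    print(compare(KNOWN_HOSTS, "server.example", OFFERED))
```

Keys reported under `new_type` are only as trustworthy as the channel they were learned over; OpenSSH's `UpdateHostKeys` option accepts additional host keys only after the server has been authenticated with an already-known key.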