[Bug 3826] New: add all of the remote's keys to .known_hosts
bugzilla-daemon at mindrot.org
Sat May 24 16:22:12 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3826
Bug ID: 3826
Summary: add all of the remote's keys to .known_hosts
Product: Portable OpenSSH
Version: 10.0p2
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: martin-eric.racine at iki.fi
Whenever the remote host changes the order in which it offers host
keys, the user gets the warning about a possible man-in-the-middle
attack. This could be avoided if 'ssh' added ALL of the remote's keys
at once, whenever someone types "yes", instead of assuming that only
one key can authenticate the remote correctly. Once this has been
implemented, 'ssh' could warn if any of the known keys no longer is
valid and offer to remove it.
--
You are receiving this mail because:
You are watching the assignee of the bug.
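
The behaviour requested in the report, modelled in Python as an added example (not part of the bug report and not OpenSSH code). The function names, host names and key blobs are constructed placeholders, and it assumes unhashed known_hosts entries and an offered-key list received over a session that was already authenticated.

```python
# Constructed sample: placeholder blobs, not real host keys.
KNOWN_HOSTS = """\
# constructed known_hosts content
host.example ssh-ed25519 AAAAC3ConstructedEd25519Key
other.example ssh-rsa AAAAB3ConstructedOtherKey
"""

def known_keys(text, host):
    """Return the set of (keytype, blob) recorded for host in known_hosts text."""
    keys = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        if fields[0].startswith("@") or fields[0].startswith("|1|"):
            continue  # marker lines and hashed host names are out of scope here
        if host in fields[0].split(","):
            keys.add((fields[1], fields[2]))
    return keys

def classify(known, offered):
    """Decide what to do with the keys a host offers (hypothetical policy)."""
    known, offered = set(known), set(offered)
    if not known:
        # First contact: after the user answers "yes", record every offered key.
        return {"state": "first-contact", "add": sorted(offered), "stale": []}
    if not (known & offered):
        # No overlap with any trusted key: warn, and learn nothing new.
        return {"state": "mismatch", "add": [], "stale": []}
    # At least one trusted key is still offered: learn the others and
    # report known keys the host no longer offers so the user can remove them.
    return {"state": "verified",
            "add": sorted(offered - known),
            "stale": sorted(known - offered)}

if __name__ == "__main__":
    offered = [("ssh-rsa", "AAAAB3ConstructedRsaKey"),
               ("ssh-ed25519", "AAAAC3ConstructedEd25519Key")]
    print(classify(known_keys(KNOWN_HOSTS, "host.example"), offered))
```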