prompt to update a host key

Jeremy Lin jeremy.lin at
Sat Mar 16 06:10:01 AEDT 2019

On Fri, Mar 15, 2019 at 2:13 AM Jochen Bern <Jochen.Bern at> wrote:
> If the host keypair(s) are truly useless for identifying a *single*,
> short-lived target host, my suggestion would be to include "global"
> keypairs into the image (and have them still replaced once in a while).
> That would at least protect clients from a fake host set up by someone
> who doesn't have access to the image or the legit hosts. (Or from
> accidentally shredding a genuine "permanent" system that somehow
> obtained the DNS name / IP of a short-lived one.)
> If, however, reimaging is a standardized process that might allow the
> new host pubkey(s) to be collected and distributed in one fell swoop,
> there's the GlobalKnownHostsFile setting which is *supposed* to point to
> a file maintained by the *sysadmins* ...

These are development builds of software images that will eventually
be shipped to customers, so we'd strongly prefer not to hardcode any
host keys since that could accidentally end up getting shipped

More information about the openssh-unix-dev mailing list