UpdateHostkeys now enabled by default

Matthieu Herrb matthieu at herrb.eu
Sun Oct 4 22:09:41 AEDT 2020


On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote:
> On Sun, 4 Oct 2020, Damien Miller wrote:
> 
> > No - I think you've stumbled on a corner case I hadn't anticipated.
> > Does your configuration override CheckHostIP at all?

No.

> > 
> > What are the known_hosts entries for the hostname and IP?
> 
> Also, do you use HashKnownHosts? or do you have any hashed host lines
> in known_hosts?

Yes I use HashKnownHosts yes

Here are all the lines from my known_hosts.old that contains the
public keys for this host.

(the name is 'freedom' or freedom.herrb.net and IP adresses are
192.168.31.41 and 2a03:7220:8081:6101:6552:9ca8:512b:9251)

|1|LDNls9zwwKUtszPxTWOn1hEP+30=|2C9Jva6DwfnWqEHHjylVV9gAfSs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM=
|1|zjuSnQb3afgDzZBCywXwNiZHYuY=|fUpd/QMtdR1dwYwfDUMM1xKIhqA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM=
|1|IfXYEUvy166GATD/1980t6hR9CM=|UsUUsCnt3m0WH1X0N6sX/8tl/k8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM=
|1|tOtsqSGnI+Of4l4toTHgAKKeZpI=|pWNu4KHsqq4z49vhuovYNJVE2o4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM=
|1|LDNls9zwwKUtszPxTWOn1hEP+30=|2C9Jva6DwfnWqEHHjylVV9gAfSs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM=
|1|IQQcAaveFbGQNoBJdsCJAtoqKSE=|xJvFONAHNU3U2as+cdtNeP2r1es= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpmvj21EjLwEzHAlI8WWhZqT42g0mdpqfo/vFbN0FMG


-- 
Matthieu Herrb


More information about the openssh-unix-dev mailing list