"ssh-keygen -R hostname" errors out with non-existent known_hosts

Jim Knoble jmknoble at pobox.com
Fri Mar 26 17:42:36 AEDT 2021


> On Mar 25, 2021, at 20:49, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> 
> On Wed, Mar 24, 2021 at 5:45 AM Jochen Bern <Jochen.Bern at binect.de> wrote:
>> 
>> On 23.03.21 06:42, Nico Kadel-Garcia wrote:
>>> If I want to delete a hostkey entry, and there is none to be found,
>>> shouldn't that be considered a successful operation?
>> 
>> I can think of (easily more than) two scenarios where someone would want
>> to run such a command in the first place:
>> 
>> -- An admin performing cleanups on users' known_hosts file after a
>> server changed keypairs or got decommissioned, where not finding the old
>> pubkeys in some of the user configs would be expected and ignored
>> 
>> -- A user who has had strict hostkey checking block his login and tries
>> to fix the problem, where the command *failing* to (semi-)fix the
>> problem is something he definitely wants to know about
>> 
>> You can't have one and the same command do *both*.
>> 
>> If anything, the reaction of "ssh-keygen -R ..." to a missing
>> known_hosts file should be consistent with the outcome of it not finding
>> a matching key therein to delete (which is to output an error message
>> but still do an exit(0), apparently).
> 
> This is why I'm suggesting should be the default.

What's wrong with:

    ssh-keygen -R hostname || true

?
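To make the two scenarios in the quoted discussion concrete, here is an added example (not OpenSSH's code and not from anyone in this thread) that strips a host from a known_hosts file the way `ssh-keygen -R` does for plain and hashed (`|1|salt|hmac`) names, but returns a distinct result for "file missing", "no matching entry" and "entry removed" so a bulk cleanup script can ignore the first two while an interactive caller can still report them. The function names, the sample entries and the salt are constructed for the example; wildcard host patterns are not expanded.

```python
# Added example: idempotent known_hosts cleanup in the spirit of `ssh-keygen -R`.
import base64
import hashlib
import hmac
import os
import tempfile
def hash_host(host: str, salt: bytes) -> str:
    """HashKnownHosts form of a name: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def _name_matches(name: str, host: str) -> bool:
    if not name.startswith("|1|"):
        return name == host            # plain name, including the "[host]:port" form
    try:                               # hashed name: recompute the HMAC with the stored salt
        parts = name.split("|")
        salt, digest = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    except (ValueError, IndexError):
        return False
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), digest)

def _line_matches(line: str, host: str) -> bool:
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return False
    # "@cert-authority"/"@revoked" markers push the host field to position 2
    hostfield = fields[1] if fields[0].startswith("@") and len(fields) > 1 else fields[0]
    return any(_name_matches(n, host) for n in hostfield.split(","))

def remove_host(path: str, host: str) -> str:
    """Drop every line naming `host`; return 'missing', 'nomatch' or 'removed'."""
    if not os.path.exists(path):
        return "missing"
    with open(path) as f:
        lines = f.readlines()
    kept = [l for l in lines if not _line_matches(l, host)]
    if len(kept) == len(lines):
        return "nomatch"
    with open(path, "w") as f:
        f.writelines(kept)
    return "removed"

def demo() -> list:
    # Constructed known_hosts in a temp file; exercises every outcome once.
    with tempfile.NamedTemporaryFile("w", delete=False) as f:
        f.write("example.com ssh-ed25519 AAAAC3constructed\n"
                + hash_host("hashed.example", b"constructed-salt") + " ssh-ed25519 AAAAC3constructed\n")
    out = [remove_host(f.name, h) for h in ("example.com", "example.com", "hashed.example")]
    os.remove(f.name)
    return out + [remove_host(f.name, "example.com")]  # → ['removed', 'nomatch', 'removed', 'missing']
```

A cleanup script would treat only an unexpected exception as failure, while a user-facing wrapper can print a message on 'missing' or 'nomatch' and exit non-zero.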

