"ssh-keygen -R ..." refuses operation because of (old) ssh-dss keys
Philipp Marek
philipp at marek.priv.at
Fri Nov 28 21:03:22 AEDT 2025
Hi,

I tried to clean up a rotated host key:

$ ssh-keygen -R 'gitlab.opencode.de'
.../.ssh/known_hosts:143: invalid line
.../.ssh/known_hosts:1006: invalid line
# Host gitlab.opencode.de found: line 1789
# Host gitlab.opencode.de found: line 1790
# Host gitlab.opencode.de found: line 1797
.../.ssh/known_hosts is not a valid known_hosts file.
Not replacing existing known_hosts file because of errors

The lines 143 and 1006 contain "ssh-dss" keys --
yes, they might not be allowed any more,
but that shouldn't forbid cleaning up the file, should it?

How about dropping lines with deprecated algorithms,
silently or with a message similar to the "Host ... found"?

Regards,

Phil
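
A possible workaround for the situation in the message above, as an added example that is not part of the original post or of OpenSSH: filter the ssh-dss entries out of known_hosts (keeping a backup) before running ssh-keygen -R again. The function names and the sample file are hypothetical, and it assumes the ssh-dss lines are the only ones reported as invalid.

```shell
#!/bin/sh
# Added example; these helper functions are hypothetical and not part of OpenSSH.

# Print the line number of every known_hosts entry whose key type is ssh-dss.
list_dss_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }             # comments and blank lines
        {
            t = ($1 ~ /^@/) ? $3 : $2       # key type follows an optional @marker
            if (t == "ssh-dss") print NR
        }' "$1"
}

# Copy FILE to stdout without its ssh-dss entries; report each drop on stderr.
strip_dss_lines() {
    awk '
        /^[ \t]*(#|$)/ { print; next }
        {
            t = ($1 ~ /^@/) ? $3 : $2
            if (t == "ssh-dss") {
                printf "# dropping line %d (ssh-dss)\n", NR > "/dev/stderr"
                next
            }
            print
        }' "$1"
}

# Keep FILE.bak, then replace FILE with the filtered copy (new file is mode 0600).
prune_known_hosts() {
    f=$1
    tmp=$(mktemp "$f.XXXXXX") || return 1
    cp -p "$f" "$f.bak" && strip_dss_lines "$f" > "$tmp" && mv "$tmp" "$f"
}

# Constructed sample file; hosts and key blobs are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample
old.example.org ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed
git.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed
@revoked legacy.example.org ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed
EOF
}
```

Running list_dss_lines on the real file first shows which line numbers prune_known_hosts would drop.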