[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu May 28 15:11:48 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=1993

--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Christoph Anton Mitterer from comment #4)
> Hi guys.
> 
> With version: 6.7p1
> 
> 
> Regarding my initial report:
> 
> It *still* happens, that SSH automatically adds a key, i.e.:
> $ echo > ~/.ssh/known_hosts
> $ ssh -o StrictHostKeyChecking=no someHost
> Warning: Permanently added the ECDSA host key for IP address
> '2e01:2a6:b9:3823::2:1' to the list of known hosts.
> (changed the IP/name for privacy reasons).

Did you have an existing, valid hostkey with a different algorithm for
that host?  I suspect it's due to the hostkeys-00@openssh.com method
that advertises the other host key types after successful
authentication.  Can you run ssh -vvv and see if those appear
immediately before the "key added" message?

> - the name truncation no longer happens, but only since the message
> is now a different one... so isn't that issue anyway gone?

I found the truncation in comment #1, diff incoming.

> Anyway,... you asked for some information about platform, etc.
> I cannot give you these right now, since yesterday night I locked
> myself out of the respective nodes, and I cannot fix this from
> home.
> Stay tuned.
[...]
> Regarding comment #1:
> Alex, you obviously confused the value no with yes... "no" is meant
> to automatically add the key...

Also with regard to that comment:

"host 192.168.*,10.*
StrictHostKeyChecking no

But it has no effect when ssh'ing to any boxes in the defined
networks."

"Host" in ssh_config doesn't define a network, it defines a hostname as
passed to the ssh command line.  It should work if you specify an IP
address on the command line.

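The Host matching rule described in the reply above, as an added example that is not part of the original message or OpenSSH's own code: a small resolver that picks the effective value of an option for the host string typed on the command line. The sample config, the name `fileserver` and all function names are constructed for illustration; only `Host` blocks are handled (no `Match`, no `CanonicalizeHostname`), with whitespace-separated patterns as ssh_config(5) documents.

```python
import re

# Constructed sample config (not from the bug report); patterns are
# whitespace-separated as ssh_config(5) describes for the Host keyword.
SAMPLE_CONFIG = """\
Host 192.168.* 10.*
    StrictHostKeyChecking no

Host *
    StrictHostKeyChecking yes
"""

def pattern_matches(pattern, name):
    """ssh_config wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, name) is not None

def host_block_applies(patterns, name):
    """A block applies if a pattern matches and no negated pattern matches."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if pattern_matches(pat[1:], name):
                return False  # a negated match disables the whole Host line
        elif pattern_matches(pat, name):
            matched = True
    return matched

def effective_option(config_text, cli_host, option):
    """Return the first value obtained for `option`, as ssh does, or None."""
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            active = host_block_applies(args, cli_host)
        elif active and keyword == option.lower() and args:
            return args[0]
    return None

if __name__ == "__main__":
    # "fileserver" stands for a name that resolves into 192.168.0.0/16;
    # matching uses the string typed on the command line, not the address.
    for target in ("192.168.1.5", "10.0.0.7", "fileserver"):
        print(target, effective_option(SAMPLE_CONFIG, target,
                                       "StrictHostKeyChecking"))
```

Because the relaxed block is keyed on the typed string, reaching the same machine by name falls through to the stricter `Host *` default in this sample.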