ssh does not give option to trust on changed keys
Bug #203939 reported by
Nicolas Valcarcel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
portable OpenSSH |
Won't Fix
|
Unknown
|
|||
openssh (Ubuntu) |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
When we reinstall a machine we used to enter via ssh, or change the ip of a hostname ssh doesn't allow us to log into the machine saying the key has change, then we need to edit the .ssh/known_hosts files by hand and remove the entry of this host. Ssh should warn the user that the host key has changed and give the option to allow the connection and automatically edit that file.
Changed in openssh: | |
status: | Unknown → Confirmed |
Changed in openssh: | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
I suspect that this is at least in part deliberate, and I at least am absolutely not comfortable with changing this. Offering a simple option to ignore the error makes it seem safe to do so - even if you warn, people will still say "yeah, whatever, just let me in". In fact, unless you have good knowledge that the machine's circumstances have changed, ssh's prompt means that the target machine *may have been DNS-compromised* and it may be *dangerous* to just blaze on through regardless.
I realise that for people who reinstall machines frequently this is an inconvenience (although see the advice Darren gave you on the upstream bug report), but given the fairly well-understood effects of providing "ignore this security warning" buttons, I don't think that outweighs safety.