Clarify the offending known_hosts line number when ssh key has changed
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu Server papercuts | New | Undecided | Unassigned | |
| openssh (Ubuntu) | Triaged | Wishlist | Unassigned | |
Bug Description
I came across this error when I updated one of my servers.
Add correct host key in /home/scott/
Offending key in /home/scott/
RSA host key for (server) has changed and you have requested strict checking.
This was completely expected, as I had just updated the server, however when I edited known_hosts I wasn't sure which key it was. There was no text description of the server names in that file.
Only later did I learn that the :2 above meant "on line 2". What would have helped me greatly here is if the line:
"Offending key in /home/scott/
"Offending key in /home/scott/
Should be a simple change, but for me it would have saved a good half hour while I looked up man pages trying to find the nonexistent "reask for the key when I connect to this one" setting.
ProblemType: Bug
Architecture: amd64
Dependencies:
DistroRelease: Ubuntu 9.04
NonfreeKernelMo
Package: ssh None [modified: /var/lib/
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssh
Uname: Linux 2.6.28-11-generic x86_64
UnreportableReason: This is not a genuine Ubuntu package
Changed in openssh (Ubuntu):
importance: Undecided → Wishlist
tags: added: usability
Changed in openssh (Ubuntu):
status: New → Confirmed
Changed in openssh (Ubuntu):
status: Confirmed → Triaged
I'm moving this from wishlist to legitimate bug because it used to be that the file contained hostnames, so even if you didn't notice the line number you could grep for the machine or its IP. Now this info appears to be hashed, so the line number is the only way to know.
It would be nice to have some mechanism to update the known_hosts file when a server has changed identities other than having to hand edit this file. For many users the list of hashed data is going to look like line noise.
The error message also says "you have requested strict checking", however this is misleading - *you* didn't request it, it's the default setting (at least, on Ubuntu).
I think the friendliest way to handle this would be something like:
An RSA host key for this server was not found in /home/scott/.ssh/known_hosts!
To fix this, run the command `ssh-recognize-host [hostname]`, or turn off StrictHostKeyChecking to disable host checking completely.
Add correct host key in /home/scott/.ssh/known_hosts to get rid of this message.
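The comments above note that hashed known_hosts entries cannot be found with grep. As an added example (not from the bug report and not OpenSSH's own code), this Python code matches a hostname against hashed entries of the form `|1|salt|HMAC-SHA1` and returns the line numbers that match; the hostnames, salts and key blobs in the sample are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def entry_matches(host_field: str, hostname: str) -> bool:
    """True if one known_hosts host field (hashed or plain) names hostname."""
    if host_field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain form: comma-separated names (wildcard patterns are not handled here)
    return hostname in host_field.split(",")

def find_host_lines(known_hosts_text: str, hostname: str) -> list:
    """Return the 1-based line numbers whose host field matches hostname."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Skip an optional marker such as @cert-authority or @revoked
        marked = fields[0].startswith("@") and len(fields) > 1
        host_field = fields[1] if marked else fields[0]
        if entry_matches(host_field, hostname):
            hits.append(lineno)
    return hits

def hash_host(hostname: str, salt: bytes) -> str:
    """Build a hashed host field; used here only to construct sample data."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

# Constructed sample file: hostnames, salts and key blobs are made up.
SAMPLE = "\n".join([
    hash_host("db.example.org", b"A" * 20) + " ssh-rsa AAAAB3NzaC1yc2E...",
    hash_host("web.example.org", b"B" * 20) + " ssh-rsa AAAAB3NzaC1yc2E...",
    "plain.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E...",
])

if __name__ == "__main__":
    print(find_host_lines(SAMPLE, "web.example.org"))
```

On a real system, `ssh-keygen -F hostname` performs this lookup against known_hosts and `ssh-keygen -R hostname` removes the matching entries.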