Openssh update silently deletes CA certificates / public keys from known_hosts

Bug #1581487 reported by Def on 2016-05-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Undecided
Unassigned

Bug Description

Presumably linked to the two references [1,2] below, following a recent update to openssh-client on 14.04, the certificates / public keys for my SSH CAs were silently removed from my known_hosts file.

This behaviour was repeated across two out of two machines on which I use SSH certificates.

The code[1] indicates that the existing known_hosts file should be moved to known_hosts.old prior to old host keys being rotated. A known_hosts.old file was found in the .ssh directory, still containing the CA certificates.

The changelog states that this rotation of host keys will only occur when UpdateHostkeys is turned on in ssh_config. This directive was not defined in either of my ssh_config files.

[1] http://bxr.su/OpenBSD/usr.bin/ssh/hostfile.c#hostfile_replace_entries
[2] https://launchpad.net/ubuntu/wily/+source/openssh/+changelog

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssh-server 1:6.6p1-2ubuntu2.7
ProcVersionSignature: Ubuntu 3.13.0-85.129-generic 3.13.11-ckt36
Uname: Linux 3.13.0-85-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: Unity
Date: Fri May 13 12:39:11 2016
InstallationDate: Installed on 2014-09-09 (612 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)
upstart.ssh.override: manual

Def (definitelynotafed) wrote :
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers