Openssh update silently deletes CA certificates / public keys from known_hosts
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Presumably linked to the two references [1,2] below, following a recent update to openssh-client on 14.04, the certificates / public keys for my SSH CAs were silently removed from my known_hosts file.
This behaviour was repeated across two out of two machines on which I use SSH certificates.
The code[1] indicates that the existing known_hosts file should be moved to known_hosts.old prior to old host keys being rotated. A known_hosts.old file was found in the .ssh directory, still containing the CA certificates.
The changelog states that this rotation of host keys will only occur when UpdateHostkeys is turned on in ssh_config. This directive was not defined in either of my ssh_config files.
[1] http://
[2] https:/
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssh-server 1:6.6p1-2ubuntu2.7
ProcVersionSign
Uname: Linux 3.13.0-85-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: Unity
Date: Fri May 13 12:39:11 2016
InstallationDate: Installed on 2014-09-09 (612 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)
upstart.