
Bug#875532: openssh-client: Please set UpdateHostKeys to true by default



Package: openssh-client
Version: 1:7.2p2-4ubuntu2.2
Severity: wishlist

Dear Maintainer,

I am about to move my ssh server that serves gitolite
repositories. All users use a CNAME to get to the server, whilst the
system sshd server is used. I want to use the ssh host key rotation,
and will specify both the old server's key and the new server key in
the config to perform the key rotation.

However, this will not update the clients.

Please consider setting UpdateHostKeys to true by default in
/etc/ssh/ssh_config.

Regards,

Dimitri.

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-83-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3ubuntu4
ii  dpkg              1.18.4ubuntu1.2
ii  libc6             2.23-0ubuntu9
ii  libedit2          3.1-20150325-1ubuntu2
ii  libgssapi-krb5-2  1.13.2+dfsg-5ubuntu2
ii  libselinux1       2.4-3build2
ii  libssl1.0.0       1.0.2g-1ubuntu4.8
ii  passwd            1:4.2-3.1ubuntu5.3
ii  zlib1g            1:1.2.8.dfsg-2ubuntu4.1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1ubuntu2

Versions of packages openssh-client suggests:
pn  keychain                         <none>
pn  libpam-ssh                       <none>
pn  monkeysphere                     <none>
ii  ssh-askpass-gnome [ssh-askpass]  1:7.2p2-4ubuntu2.2

-- Configuration Files:
/etc/ssh/ssh_config changed:
Host *
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no


-- no debconf information

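The rotation described in the report, sketched as configuration on both sides. This is an added example, not part of the original message or of the Debian package; the host name git.example.org and the file name of the new key are assumptions.

```sshconfig
# --- Server side: /etc/ssh/sshd_config on the new machine ---
# sshd loads every key named by a HostKey line. During the rotation window
# both keys are listed, so clients that pinned the old key still verify the
# server, and clients that support it are told about the new key after
# authentication.

# Old server's key, already present in the clients' known_hosts.
HostKey /etc/ssh/ssh_host_ed25519_key
# New server key (hypothetical file name).
HostKey /etc/ssh/ssh_host_ed25519_key_new

# --- Client side: /etc/ssh/ssh_config or ~/.ssh/config ---
# Host patterns match the name typed on the command line, which in the
# report's setup is the CNAME. Scoping the option to that one name is a
# per-host opt-in; the report asks for the same setting as a global default.
Host git.example.org
    # Accept the host keys the server announces after authentication and
    # record them in the user's known_hosts. Accepted values: yes, no, ask.
    UpdateHostKeys yes

# Checks to run on a client (shell commands, shown here as comments):
#   ssh -G git.example.org | grep -i updatehostkeys   # effective setting
#   ssh-keygen -F git.example.org                      # keys currently pinned
```

The client only learns the new key on a connection that has already been authenticated against a key it trusts, so the old HostKey line has to stay in place until the clients that matter have connected at least once.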

