Bug#875532: openssh-client: Please set UpdateHostKeys to true by default
Package: openssh-client
Version: 1:7.2p2-4ubuntu2.2
Severity: wishlist
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
I am about to move my ssh server that serves gitolite
repositories. All users use cname to get to the server, whilst the
system sshd server is used. I want to use the ssh host key rotation,
and will specify both the old servers key and the new server key in
the config to perform the key rotation.
However, this will not update the clients.
Please consider setting UpdateHostKeys to true by default in
/etc/ssh/ssh_config.
Regards,
Dimitri.
- -- System Information:
Debian Release: stretch/sid
APT prefers xenial-updates
APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-83-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3ubuntu4
ii dpkg 1.18.4ubuntu1.2
ii libc6 2.23-0ubuntu9
ii libedit2 3.1-20150325-1ubuntu2
ii libgssapi-krb5-2 1.13.2+dfsg-5ubuntu2
ii libselinux1 2.4-3build2
ii libssl1.0.0 1.0.2g-1ubuntu4.8
ii passwd 1:4.2-3.1ubuntu5.3
ii zlib1g 1:1.2.8.dfsg-2ubuntu4.1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1ubuntu2
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
ii ssh-askpass-gnome [ssh-askpass] 1:7.2p2-4ubuntu2.2
- -- Configuration Files:
/etc/ssh/ssh_config changed:
Host *
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZtxqfAAoJEMrC2LnNLKX5BqQIALue5hW+ljfqaDhf3a+yiRbQ
2Rz399Ss2i/GStRX/JfM6ReWZ31ZiAQ53ap0iUNhQ2LyuOTMqCfbcISCtMc4iOww
0DMqjmCOotzM/5PDChVSJrfVEY/TXqKve4edlTDcJOIF4W8IeQwCcqU7f1hi8H4K
I64u9FuG3tXCbY7Uqqnl7hbqYgYB3PcHolgS9LEXXQq29croiU51UPRZxd5hDcTm
vLAVDuTaVwnbkAlvm7HtNcuIK1ueuTbX81RoMiVIa2y21XABaOFpRrGWRTjWJO4f
eQvqaXali8xklvucDD/owwPCJrDbIymwt3sgvXtRvn6N6tObZuJ39WpQXtLa2M4=
=1Bzs
-----END PGP SIGNATURE-----
Reply to: