Package: openssh-client Version: 1:7.4p1-5 Severity: normal Dear Maintainer, After having manually added a host to my known_hosts file, I wanted to hash the new hostname. According to ssh-keygen(1), -H ... This option will not modify existing hashed hostnames and is therefore safe to use on files that mix hashed and non-hashed names. So, I used `ssh-keygen -H` and was notified that all hostnames have been hashed. However, when I subsequently tried to access an old server (not the newly added one), ssh asked me to verify its fingerprint. I compared the new known_hosts file with the automatic backup and noticed that the hashes of all 500+ entries in my known_hosts file had changed, so not only -- as expected -- the single new one. Workaround: put line in extra file, hash the hostname using `ssh-keygen -H -f <file>` and append it to the actual known_hosts file afterwards. Thank you! Best, Maximilian -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-client depends on: ii adduser 3.115 ii dpkg 1.18.18 ii libc6 2.24-8 ii libedit2 3.1-20160903-2 ii libgssapi-krb5-2 1.15-1 ii libselinux1 2.6-3 ii libssl1.0.2 1.0.2j-4 ii passwd 1:4.2-3.3 ii zlib1g 1:1.2.8.dfsg-4 Versions of packages openssh-client recommends: ii xauth 1:1.0.9-1 Versions of packages openssh-client suggests: ii keychain 2.8.2-0.1 pn libpam-ssh <none> pn monkeysphere <none> pn ssh-askpass <none> -- no debconf information
Attachment:
signature.asc
Description: OpenPGP digital signature