Clarify the offending known_hosts line number when ssh key has changed

Bug #424053 reported by Scott Ritchie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Server papercuts | New | Undecided | Unassigned |
openssh (Ubuntu) | Triaged | Wishlist | Unassigned |

Bug Description

I came across this error when I updated one of my servers.

Add correct host key in /home/scott/.ssh/known_hosts to get rid of this message.
Offending key in /home/scott/.ssh/known_hosts:2
RSA host key for (server) has changed and you have requested strict checking.

This was completely expected, as I had just updated the server, however when I edited known_hosts I wasn't sure which key it was. There was no text description of the server names in that file.

Only later did I learn that the :2 above meant "on line 2". What would have helped me greatly here is if the line:
"Offending key in /home/scott/.ssh/known_hosts:2" instead said
"Offending key in /home/scott/.ssh/known_hosts on line 2"

Should be a simple change, but for me it would have saved a good half hour while I looked up man pages trying to find the nonexistent "reask for the key when I connect to this one" setting.

ProblemType: Bug
Architecture: amd64
Dependencies:

DistroRelease: Ubuntu 9.04
NonfreeKernelModules: nvidia
Package: ssh None [modified: /var/lib/dpkg/info/ssh.list]
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openssh
Uname: Linux 2.6.28-11-generic x86_64
UnreportableReason: This is not a genuine Ubuntu package

Changed in openssh (Ubuntu):
importance: Undecided → Wishlist
tags: added: usability
Changed in openssh (Ubuntu):
status: New → Confirmed
Changed in openssh (Ubuntu):
status: Confirmed → Triaged
Bryce Harrington (bryce) wrote :

I'm moving this from wishlist to legitimate bug because it used to be that the file contained hostnames, so even if you didn't notice the line number you could grep for the machine or its IP. Now this info appears to be hashed so the line number is the only way to know.

It would be nice to have some mechanism to update the known_hosts file when a server has changed identities other than having to hand edit this file. For many users the list of hashed data is going to look like line noise.

The error message also says "you have requested strict checking", however this is misleading - *you* didn't request it, it's the default setting (at least, on Ubuntu).

I think the friendliest way to handle this would be something like:

 An RSA host key for this server was not found in /home/scott/.ssh/known_hosts!
 To fix this, run the command `ssh-recognize-host [hostname]`, or turn off StrictHostKeyChecking to disable host checking completely.

Add correct host key in /home/scott/.ssh/known_hosts to get rid of this message.

Changed in openssh (Ubuntu):
importance: Wishlist → Medium
Thierry Carrez (ttx) wrote :

@Bryce: it's a much desired wishlist item, but that doesn't make it a bug (or a regression) IMO.
Also I wouldn't suggest to turn off StrictHostKeyChecking.

Adding it to the Server papercuts project so that we don't lose sight of it :)

Changed in openssh (Ubuntu):
importance: Medium → Wishlist
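
An added example, not part of the bug report or of OpenSSH: the thread notes that known_hosts entries are now hashed, so grep cannot find a host and only the line number identifies it. The sketch below recomputes the `|1|salt|hash` token (HMAC-SHA1 of the host name, keyed with the per-line salt) to find which lines belong to a host. The function names and the sample file are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the "|1|salt|mac" token OpenSSH writes for a hashed host name."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def names_host(field, host):
    """True if a known_hosts host field refers to `host` (hashed or plain)."""
    if not field.startswith("|1|"):
        return host in field.split(",")  # plain list; wildcard patterns not handled
    try:
        _, _, salt_b64, mac_b64 = field.split("|")
        salt, stored = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # malformed token or bad base64
        return False
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), stored)

def find_lines(known_hosts_text, host):
    """Return [(line_number, key_type)] for entries matching `host`.
    Line numbers are 1-based, like the ":2" in the ssh message."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 2 and names_host(fields[0], host):
            hits.append((number, fields[1]))
    return hits

# Constructed sample file: salts, host names and key blobs are placeholders.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("server.example", b"constructed-salt-000") + " ssh-rsa KEYBLOB_PLACEHOLDER",
    hash_host("other.example", b"constructed-salt-001") + " ssh-ed25519 KEYBLOB_PLACEHOLDER",
    "plain.example,192.0.2.10 ssh-rsa KEYBLOB_PLACEHOLDER",
])

if __name__ == "__main__":
    for number, key_type in find_lines(SAMPLE, "server.example"):
        print("known_hosts line %d holds the %s key for server.example" % (number, key_type))
```

OpenSSH's own `ssh-keygen -F hostname` performs this lookup against the real file, and `ssh-keygen -R hostname` removes the matching entries without hand editing; verify the new host key's fingerprint out of band before accepting it again.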