ssh known_hosts in 10.1

Eric van Gyzen eric at vangyzen.net
Thu Feb 12 03:14:05 UTC 2015


On 2/11/15 5:03 PM, Eric van Gyzen wrote:
> -stable:
>
> I just updated my workstation from 10.0 to 10.1.  Now, ssh is prompting
> me to accept host keys that I accepted long ago.  ssh is looking for the
> host key in known_hosts using the name given on the command line; it
> previously used the FQDN.  ssh-keygen -F confirms that known_hosts has
> the same key for the FQDN.
>
> If I recall correctly, using the FQDN in known_hosts was a FreeBSD
> customization.  Did this get dropped during the OpenSSH update?

As it turns out, OpenSSH 6.5 or 6.6 added a hostname canonicalization 
feature that--as I understand--should make FreeBSD's customization 
obsolete.  Based on the description in ssh_config, the following should 
behave as ssh did in 10.0:

     ssh -o 'CanonicalizeHostname yes' -o 'CanonicalizeFallbackLocal yes' short-name

However, it doesn't find the host key, because it's looking for the 
short-name, not the FQDN:

     The authenticity of host 'short-name (192.0.2.42)' can't be established.

Can anyone else confirm this behavior?

Eric

