1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From 60c7e9102d69c1b2a50fd58c9a322d8e6d1d2117 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Sun, 9 Feb 2014 16:10:03 +0000
Subject: Mention ssh-keygen in ssh fingerprint changed warning
Author: Chris Lamb <lamby@debian.org>
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
Last-Update: 2023-12-11
Patch-Name: mention-ssh-keygen-on-keychange.patch
---
sshconnect.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sshconnect.c b/sshconnect.c
index 1d5bcc782..23f79ed2b 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1277,9 +1277,13 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
error("%s. This could either mean that", key_msg);
error("DNS SPOOFING is happening or the IP address for the host");
error("and its host key have changed at the same time.");
- if (ip_status != HOST_NEW)
+ if (ip_status != HOST_NEW) {
error("Offending key for IP in %s:%lu",
ip_found->file, ip_found->line);
+ error(" remove with:");
+ error(" ssh-keygen -f '%s' -R '%s'",
+ ip_found->file, ip);
+ }
}
/* The host key has changed. */
warn_changed_key(host_key);
@@ -1291,6 +1295,9 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
error("Offending %s key in %s:%lu",
sshkey_type(host_found->key),
host_found->file, host_found->line);
+ error(" remove with:");
+ error(" ssh-keygen -f '%s' -R '%s'",
+ host_found->file, host);
/*
* If strict host key checking is in use, the user will have
|