Public bug reported:

Presumably linked to the two references [1,2] below, following a recent
update to openssh-client on 14.04, the certificates / public keys for my
SSH CAs were silently removed from my known_hosts file.

This behaviour was repeated across two out of two machines on which I
use SSH certificates.

The code[1] indicates that the existing known_hosts file should be moved
to known_hosts.old prior to old host keys being rotated.  A
known_hosts.old file was found in the .ssh directory, still containing
the CA certificates.

The changelog states that this rotation of host keys will only occur
when UpdateHostkeys is turned on in ssh_config.  This directive was not
defined in either of my ssh_config files.


[1] http://bxr.su/OpenBSD/usr.bin/ssh/hostfile.c#hostfile_replace_entries
[2] https://launchpad.net/ubuntu/wily/+source/openssh/+changelog

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssh-server 1:6.6p1-2ubuntu2.7
ProcVersionSignature: Ubuntu 3.13.0-85.129-generic 3.13.11-ckt36
Uname: Linux 3.13.0-85-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: Unity
Date: Fri May 13 12:39:11 2016
InstallationDate: Installed on 2014-09-09 (612 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)
upstart.ssh.override: manual

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

https://bugs.launchpad.net/bugs/1581487

Title:
  Openssh update silently deletes CA certificates / public keys from
  known_hosts

Status in openssh package in Ubuntu:
  New
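
Added example, not part of the original bug report or of OpenSSH: a Python check that lists the @cert-authority lines still present in known_hosts.old but missing from known_hosts, which is the condition the report describes. The sample entries and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import sys
from pathlib import Path

# Constructed sample data (not from the bug report); key blobs are placeholders.
SAMPLE_OLD = """\
# hosts and CAs trusted before the update
@cert-authority *.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 host-ca
@cert-authority *.lab.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED2
gw.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED3
"""
SAMPLE_NEW = """\
@cert-authority *.lab.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED2 new-comment
gw.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED3
"""


def ca_entries(text):
    """Map (host patterns, key type, key blob) to the original @cert-authority line."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Marker line layout: @cert-authority <hosts> <keytype> <base64 key> [comment]
        if len(fields) >= 4 and fields[0] == "@cert-authority":
            entries.setdefault(tuple(fields[1:4]), line.strip())
    return entries


def missing_ca_lines(old_text, new_text):
    """Return @cert-authority lines found in old_text whose key is absent from new_text."""
    old, new = ca_entries(old_text), ca_entries(new_text)
    # The trailing comment is ignored, so a CA whose comment changed is not reported.
    return [line for key, line in old.items() if key not in new]


def main(ssh_dir=None):
    ssh_dir = Path(ssh_dir) if ssh_dir else Path.home() / ".ssh"
    old_file, new_file = ssh_dir / "known_hosts.old", ssh_dir / "known_hosts"
    if not (old_file.is_file() and new_file.is_file()):
        print("known_hosts and known_hosts.old are not both present; nothing to compare")
        return 0
    lost = missing_ca_lines(old_file.read_text(), new_file.read_text())
    for line in lost:
        print(line)  # review each line before re-adding it to known_hosts
    return 1 if lost else 0  # non-zero exit when a CA entry was dropped


if __name__ == "__main__":
    sys.exit(main())
```
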
