On 2020-02-06 at 10:29 +1100, Damien Miller wrote:
> * sshd(8): allow the UpdateHostKeys feature to function when
>   multiple known_hosts files are in use. When updating host keys,
>   ssh will now search subsequent known_hosts files, but will add
>   updated host keys to the first specified file only. bz2738

In testing this, when the impact is to _remove_ a known_hosts entry then all the existing entries are deleted from the subsequent files, and the remaining entries are added to the first file.

I initially assumed, on reading the email, that the logic was to not assume that subsequent files are writable, but it seems that's not it. Is this just a corner case that wasn't considered?

For myself I can live with this, as it fits my workflow: ~/.ssh/known_hosts is a small file of cruft and staging entries, and a second file is in a shared git repo, so I usually migrate entries manually.

-Phil

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev