Re: "ssh-keygen -R hostname" errors out with non-existent known_hosts


 



On Wed, Mar 24, 2021 at 5:45 AM Jochen Bern <Jochen.Bern@xxxxxxxxx> wrote:
>
> On 23.03.21 06:42, Nico Kadel-Garcia wrote:
> > If I want to delete a hostkey entry, and there is none to be found,
> > shouldn't that be considered a successful operation?
>
> I can think of (easily more than) two scenarios where someone would want
> to run such a command in the first place:
>
> -- An admin performing cleanups on users' known_hosts file after a
> server changed keypairs or got decommissioned, where not finding the old
> pubkeys in some of the user configs would be expected and ignored
>
> -- A user who has had strict hostkey checking block his login and tries
> to fix the problem, where the command *failing* to (semi-)fix the
> problem is something he definitely wants to know about
>
> You can't have one and the same command do *both*.
>
> If anything, the reaction of "ssh-keygen -R ..." to a missing
> known_hosts file should be consistent with the outcome of it not finding
> a matching key therein to delete (which is to output an error message
> but still do an exit(0), apparently).

This is why I'm suggesting should be the default.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
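
The two scenarios in the quoted message call for opposite exit semantics, so a caller can set the policy explicitly instead of depending on what "ssh-keygen -R" does with a missing file. The wrapper below is an added example, not code from this thread or from OpenSSH; the function name forget_host, its two modes and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# forget_host MODE HOST [FILE]  (hypothetical helper, not part of OpenSSH)
#   cleanup: a missing file or missing entry is success (admin sweep)
#   strict : a missing file or missing entry is a failure (user fixing a login)
# Return codes are this example's own convention:
#   0 = entry removed, or nothing to do in cleanup mode
#   1 = strict mode and there was nothing to remove
#   2 = bad arguments or ssh-keygen itself failed
forget_host() {
    mode=$1
    host=$2
    file=${3:-$HOME/.ssh/known_hosts}

    case $mode in
        cleanup|strict) ;;
        *) echo "usage: forget_host cleanup|strict HOST [FILE]" >&2; return 2 ;;
    esac
    if [ -z "$host" ]; then
        echo "forget_host: HOST is required" >&2
        return 2
    fi

    # Decide the missing-file case here instead of leaving it to ssh-keygen.
    if [ ! -e "$file" ]; then
        if [ "$mode" = cleanup ]; then return 0; fi
        echo "forget_host: $file does not exist" >&2
        return 1
    fi

    # "ssh-keygen -F" exits 0 on a match and 1 on no match; it also
    # matches hashed host names, which a plain grep would miss.
    found=0
    ssh-keygen -F "$host" -f "$file" >/dev/null 2>&1 || found=$?
    case $found in
        0) ;;
        1) if [ "$mode" = cleanup ]; then return 0; fi
           echo "forget_host: no entry for $host in $file" >&2
           return 1 ;;
        *) echo "forget_host: ssh-keygen -F failed ($found)" >&2; return 2 ;;
    esac

    # An entry exists, so removal failing now is a real error.
    ssh-keygen -R "$host" -f "$file" >/dev/null 2>&1 || return 2
    return 0
}
```
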


