openssh/openssh-6.5p1-host_ident.patch

# identify hashed hosts in known_hosts and suggest command line for their
# removal

diff --git a/openssh-6.5p1/sshconnect.c b/openssh-6.5p1/sshconnect.c
--- a/openssh-6.5p1/sshconnect.c
+++ b/openssh-6.5p1/sshconnect.c
@@ -1067,16 +1067,21 @@ check_host_key(char *hostname, struct so
 				    ip_found->file, ip_found->line);
 		}
 		/* The host key has changed. */
 		warn_changed_key(host_key);
 		error("Add correct host key in %.100s to get rid of this message.",
 		    user_hostfiles[0]);
 		error("Offending %s key in %s:%lu", key_type(host_found->key),
 		    host_found->file, host_found->line);
+		error("You can use following command to remove all keys for this IP:");
+		if (host_found->file)
+			error("ssh-keygen -R %s -f %s", hostname, host_found->file);
+		else
+			error("ssh-keygen -R %s", hostname);
 
 		/*
 		 * If strict host key checking is in use, the user will have
 		 * to edit the key manually and we can only abort.
 		 */
 		if (options.strict_host_key_checking) {
 			error("%s host key for %.200s has changed and you have "
 			    "requested strict checking.", type, host);
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`# identify hashed hosts in known_hosts and suggest command line for their`
			`# removal`

Accepting request 222365 from home:pcerny:factory - Update of the underlying OpenSSH to 6.5p1 - Update to 6.5p1 Features since 6.4p1: * ssh(1), sshd(8): support for key exchange using ECDH in Daniel Bernstein's Curve25519; default when both the client and server support it. * ssh(1), sshd(8): support for Ed25519 as a public key type fo rboth server and client. Ed25519 is an EC signature offering better security than ECDSA and DSA and good performance. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. Used unconditionally for Ed25519 keys, on demand for other key types via the -o ssh-keygen(1) option. Intended to become default in the near future. Details documented in PROTOCOL.key. * ssh(1), sshd(8): new transport cipher "chacha20-poly1305@openssh.com" combining Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details documented PROTOCOL.chacha20poly1305. * ssh(1), sshd(8): refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release. * ssh(1), sshd(8): refuse old proprietary clients and servers that use a weaker key exchange hash calculation. * ssh(1): increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by OBS-URL: https://build.opensuse.org/request/show/222365 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63 2014-02-14 15:54:10 +01:00			`diff --git a/openssh-6.5p1/sshconnect.c b/openssh-6.5p1/sshconnect.c`
			`--- a/openssh-6.5p1/sshconnect.c`
			`+++ b/openssh-6.5p1/sshconnect.c`
			`@@ -1067,16 +1067,21 @@ check_host_key(char *hostname, struct so`
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`ip_found->file, ip_found->line);`
			`}`
			`/* The host key has changed. */`
			`warn_changed_key(host_key);`
			`error("Add correct host key in %.100s to get rid of this message.",`
			`user_hostfiles[0]);`
			`error("Offending %s key in %s:%lu", key_type(host_found->key),`
			`host_found->file, host_found->line);`
			`+ error("You can use following command to remove all keys for this IP:");`
			`+ if (host_found->file)`
			`+ error("ssh-keygen -R %s -f %s", hostname, host_found->file);`
			`+ else`
			`+ error("ssh-keygen -R %s", hostname);`

			`/*`
			`* If strict host key checking is in use, the user will have`
			`* to edit the key manually and we can only abort.`
			`*/`
			`if (options.strict_host_key_checking) {`
			`error("%s host key for %.200s has changed and you have "`
			`"requested strict checking.", type, host);`