forked from pool/openssh
Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
21 lines
774 B
Diff
21 lines
774 B
Diff
# HG changeset patch
|
|
# Parent 0f731d0b541b8a919d24ac91098f560a49712822
|
|
Suggest command line for removal of offending keys from known_hosts file
|
|
|
|
Index: openssh-8.8p1/sshconnect.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/sshconnect.c
|
|
+++ openssh-8.8p1/sshconnect.c
|
|
@@ -1270,6 +1270,11 @@ check_host_key(char *hostname, const str
|
|
error("Offending %s key in %s:%lu",
|
|
sshkey_type(host_found->key),
|
|
host_found->file, host_found->line);
|
|
+ error("You can use following command to remove the offending key:");
|
|
+ if (host_found->file)
|
|
+ error("ssh-keygen -R %s -f %s", host, host_found->file);
|
|
+ else
|
|
+ error("ssh-keygen -R %s", host);
|
|
|
|
/*
|
|
* If strict host key checking is in use, the user will have
|