Once upon a time, Reindl Harald <h.reindl(a)thelounge.net> said:
> these lines are not written by hand and i replaced the key from
> "AAA" to "=="
> of the first one with the key off a completely different host in the file
> resulting in the message i posted by ssh "harry@srv-rhsoft"
Replacing characters is making entries "by hand". Replacing the first
characters with "==" creates an invalid key (it is base64 encoded which
cannot have "=" characters except at the end for padding as needed); it
could be OpenSSH ignores invalid lines (I don't know).
> > If there is no match to the host, you get the output you described; if
> > there is a match but the key is different, you get the original poster's
> > desired output. This is standard (and I believe non-configurable)
> > OpenSSH behavior going back to the beginning (and IIRC to the original
> > SSH code before OpenSSH started)
> and as i have proven this is *not true* in all situations - period
That is incorrect. The way to "prove" it is to connect to a host,
change its host key (easiest way is to move /etc/ssh/*key* aside and
restart sshd), and connect again.
Otherwise, show a case that didn't involve editing the known_hosts file.
The OpenSSH code only works one way.
--
Chris Adams <linux(a)cmadams.net>
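
The base64 point made in the message above, as an added example that is not part of the original thread and not OpenSSH code: a small checker that tests whether the key field of a known_hosts line is well-formed base64 and whether the key type inside the decoded blob matches the declared type. The host name, the key bytes and the function names are constructed for illustration; the result says nothing about how OpenSSH itself treats such a line.

```python
import base64
import binascii
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def check_known_hosts_line(line: str) -> str:
    """Return 'ok', 'skip', or 'invalid: <reason>' for one known_hosts line."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return "skip"
    if fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        return "invalid: expected 'hosts keytype base64-key'"
    _hosts, keytype, b64 = fields[:3]
    # "=" is padding only, so it may appear at the very end and nowhere else.
    if "=" in b64.rstrip("="):
        return "invalid: '=' before the end of the base64 field"
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "invalid: key field is not well-formed base64"
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return "invalid: key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        return "invalid: key type inside blob differs from declared type"
    return "ok"


# Constructed sample data: not a real host key.
BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
B64 = base64.b64encode(BLOB).decode()
GOOD = f"srv.example.test ssh-ed25519 {B64}"
EDITED = f"srv.example.test ssh-ed25519 {B64.replace('AAA', '==', 1)}"
WRONG_TYPE = f"srv.example.test ssh-rsa {B64}"

if __name__ == "__main__":
    for entry in (GOOD, EDITED, WRONG_TYPE):
        print(check_known_hosts_line(entry), "<-", entry[:48])
```

The leading "AAA" of a real key field is the base64 form of the zero bytes in the blob's first length prefix, which is why overwriting it cannot yield a valid key.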