Can we have better ssh fingerprint collision messages?

Reindl Harald h.reindl at
Tue Nov 12 11:31:04 UTC 2013

Am 12.11.2013 12:25, schrieb James Hogarth:
> Did you edit the key for both the IP address and the hostname in known_hosts?

no, because i tried to show in which cases the message
the OP wnats to see is *not* given

> It's feasible that if you only changed the hostname and not the IP based one behaviour would be different.
> Indeed if I just ssh-keygen -R fqdn and then ssh to a box after the key has changed there will be similar
> complaints as it verifies on the latter too.
>     and now you can explain me where is the difference in the key on the
>     server has changed and having a different but valid key than the
>     servers one on "known_hosts"
> It can't... but you have to be sure you have edited any entries that may apply and that it is absolutely correct on
> the change ... frankly it's quicker and simpler to test via changing the target host's key rather than your
> known_hosts

and that this is needed shows IMHO a bug because it should
in all cases give out the same warning message

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list