Can we have better ssh fingerprint collision messages?

Lars Seipel lars.seipel at gmail.com
Wed Nov 13 00:06:42 UTC 2013


On Tue, Nov 12, 2013 at 01:24:16PM +0100, Reindl Harald wrote:
> On 12.11.2013 13:21, Matthew Miller wrote:
> > Harald, I'm not seeing the behavior you see either -- if I replace a host
> > key with another one in known_hosts, I get the correct man-in-the-middle
> > message
> 
> interesting, I can reproduce this as often as I want in case
> I am doing it in the first one for the short hostname only
> and leave the entry with the FQ and IP-address untouched

Yeah, sure. That's the standard SSH behaviour. As far as it is concerned,
those are different hosts. If one wants to change that, OpenSSH upstream
would be the appropriate place to do that. I don't think such
modifications should be made in distribution packages. Especially not
without even trying to get upstream feedback on the issue.

Lars
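
Added example, not part of the original message and not OpenSSH code: since known_hosts entries for a short hostname, its FQDN and its IP address are separate records, this sketch parses known_hosts-format text and reports when names that an administrator knows belong to one machine carry different keys. The host names, addresses and key blobs are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in known_hosts format; key blobs are shortened placeholders.
SAMPLE = """\
web1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINEWKEY
web1.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDKEY
db1,db1.example.com,192.0.2.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBKEY
# comment line
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASHED
"""

def parse_known_hosts(text):
    """Map each plain host name to {key type: set of key blobs}."""
    keys = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):   # @cert-authority / @revoked lines
            continue
        if len(fields) < 3 or fields[0].startswith("|"):
            continue                    # malformed, or hashed names (not recoverable)
        names, ktype, blob = fields[0], fields[1], fields[2]
        # Each comma-separated name is its own lookup key; patterns such as
        # "*.example.com" are treated as literal names in this sketch.
        for name in names.split(","):
            keys[name][ktype].add(blob)
    return keys

def inconsistent_aliases(keys, aliases):
    """Return {key type: {name: blobs}} where names of one machine disagree."""
    report = {}
    ktypes = {kt for n in aliases for kt in keys.get(n, {})}
    for kt in sorted(ktypes):
        per_name = {n: keys[n][kt] for n in aliases if kt in keys.get(n, {})}
        if len({frozenset(b) for b in per_name.values()}) > 1:
            report[kt] = per_name
    return report

if __name__ == "__main__":
    parsed = parse_known_hosts(SAMPLE)
    # The alias group is supplied by the operator; SSH itself does not know
    # that these three names refer to the same machine.
    for kt, names in inconsistent_aliases(
            parsed, ["web1", "web1.example.com", "192.0.2.10"]).items():
        for name, blobs in sorted(names.items()):
            print(f"{kt} {name}: {sorted(blobs)}")
```
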

