#212518 "Add correct host key" message should say "delete the host key" instead

Package: openssh-client
Source: openssh
Description: secure shell (SSH) client, for secure access to remote machines
Submitter: Dan Jacobson
Date: 2010-07-02 12:36:03 UTC
Severity: minor

#212518#5
Date: 2003-09-24 00:20:12 UTC
When we get this message
   The fingerprint for the RSA key sent by the remote host is
   78:eb:0f.....
   Please contact your system administrator.
   Add correct host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
   Offending key in /home/jidanni/.ssh/known_hosts:9
The "Add correct host key..." is not clear enough on what needs to be
done for non-expert users.  He does man ssh-add, but that isn't it.
He can't just edit known_hosts because the format is obviously
different than what is shown on that line above.

Wait, deep in man sshd, we see
     Note that the lines in these files are typically hundreds of characters long, and you
     definitely don't want to type in the host keys by hand.  Rather, generate them by a
     script or by taking /etc/ssh/ssh_host_key.pub and adding the host names at the front.

wonderful :-(

#212518#16
Date: 2010-02-07 18:47:05 UTC
The correct action in this case is almost always "delete the offending
line from the known_hosts file".
But really this is an upstream bug, not Debian.

#212518#21
Date: 2010-06-30 18:32:56 UTC
found 212518 1:5.5p1-4
retitle 212518 "Add correct host key" message should say "delete the host key" instead
thanks

Well if after

  Add correct host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
  Offending key in /home/jidanni/.ssh/known_hosts:2

there will be no instructions on what command one should use to do that,
then that message should be changed to

  Delete the host key in /home/jidanni/.ssh/known_hosts to get rid of this message.
  Offending key in /home/jidanni/.ssh/known_hosts:2
  Use:
  ed /home/jidanni/.ssh/known_hosts<<!
  2d
  wq
  !
  if indeed ed is installed on your system.

Or something, anything, better. Maybe there is a tailor-made command one can use.

Maybe

   ssh --reset-my-key example.com

or something.

#212518#30
Date: 2010-06-30 19:18:45 UTC
There is.  If you'd made this message be a nice reminder about the
presence of this bug report rather than just being sarcastic (as usual)
about ed, I might have mentioned it here.

Honestly.  Do they not teach politeness these days?  It always helps.

#212518#35
Date: 2010-06-30 19:44:58 UTC
There I am teaching ed(1) in Chinese,
http://www.youtube.com/watch?v=Pqz7tTlNLB8
That's about all I can handle.

#212518#40
Date: 2010-06-30 23:26:45 UTC
Please unsubscribe openssh@openssh.com from this PR. Colin is the best
person to decide whether this is reported upstream or not.

Also, you are wrong: the correct action is not to delete the host key. In
fact, that is potentially very dangerous.

Furthermore, an automated tool to delete keys from known_hosts already
exists. I bet if you read some manpages then you will find it.

#212518#45
Date: 2010-07-01 05:47:12 UTC
DM> Furthermore, an automated tool to delete keys from known_hosts already
DM> exists. I bet if you read some manpages then you will find it.
Well I hope the message will mention something about it. I dare not CC
upstream though.

#212518#50
Date: 2010-07-02 12:34:23 UTC
I !@#$% found it!
ssh-keygen -R hostname
OK, be sure to mention that (as one of the things one can use) in the
error message! In fact mention a command that just updates it, so the
next time one does ssh, one won't see any messages.
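
Added example, not part of the bug thread and not OpenSSH code: a sketch of replacing the offending known_hosts entry only after the newly offered key has been checked against a fingerprint obtained out of band, which is the step that separates a safe update from blindly deleting the line. The function names, the example.com entries and the key blobs are constructed for illustration; it handles plain (unhashed) entries only and uses the SHA256 fingerprint form that current OpenSSH prints rather than the colon-separated form quoted in the 2003 message.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """Fingerprint in the form current OpenSSH prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def offending_lines(lines, host, keytype):
    """1-based line numbers of plain (unhashed) entries for host and key type."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority/@revoked markers
        if host in fields[0].split(",") and fields[1] == keytype:
            hits.append(number)
    return hits

def replace_host_key(lines, host, offered, trusted_fp):
    """Swap in the offered key only if it matches a fingerprint obtained
    out of band (for example, read to you by the server's administrator)."""
    keytype, key_b64 = offered.split()[:2]
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered key does not match the trusted fingerprint")
    # Drops each stale line whole, including any other names listed on it.
    stale = set(offending_lines(lines, host, keytype))
    kept = [l for n, l in enumerate(lines, start=1) if n not in stale]
    return kept + [f"{host} {keytype} {key_b64}"]

# Constructed sample data: these blobs are placeholders, not real host keys.
def blob(label):
    return base64.b64encode(label.encode()).decode()

OLD, NEW, ROGUE = blob("old host key"), blob("new host key"), blob("rogue key")
KNOWN_HOSTS = [
    "# constructed known_hosts sample",
    f"other.example.org ssh-rsa {blob('unrelated key')}",
    f"example.com,192.0.2.10 ssh-rsa {OLD}",
]
TRUSTED_FP = fingerprint(NEW)  # stands in for the value confirmed out of band

if __name__ == "__main__":
    print("offending line:", offending_lines(KNOWN_HOSTS, "example.com", "ssh-rsa"))
    print(replace_host_key(KNOWN_HOSTS, "example.com", f"ssh-rsa {NEW}", TRUSTED_FP))
    try:
        replace_host_key(KNOWN_HOSTS, "example.com", f"ssh-rsa {ROGUE}", TRUSTED_FP)
    except ValueError as err:
        print("refused:", err)
```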