Bug 2041861

Summary: HashKnownHost deprecation
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact: Jan Fiala <jafiala>
Priority: low    
Version: unspecifiedCC: jafiala, jjelen
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-18 07:28:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitry Belyavskiy 2022-01-18 12:01:21 UTC
HashKnownHost directive is currently considered by upstream as a feature does not providing extra security but having a lot of downsides. 

Upstream considers this feature to be deprecated (see https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-January/039871.html) 

We need to deprecate this functionality in our products (e.g. in RHEL 10) and need to produce some sort of warnings in case of using this option, both in code and documentation

Comment 2 RHEL Program Management 2023-07-18 07:28:19 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.