Bug 2041861 - HashKnownHost deprecation
Summary: HashKnownHost deprecation
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: openssh
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Assignee: Dmitry Belyavskiy
QA Contact: BaseOS QE Security Team
Jan Fiala
Reported: 2022-01-18 12:01 UTC by Dmitry Belyavskiy
Modified: 2023-07-18 07:28 UTC
Last Closed: 2023-07-18 07:28:19 UTC
Type: Bug
Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-10970 0 None None None 2023-06-18 07:29:00 UTC
Red Hat Issue Tracker RHELPLAN-108447 0 None None None 2022-01-18 12:05:51 UTC

Description Dmitry Belyavskiy 2022-01-18 12:01:21 UTC
The HashKnownHost directive is currently considered by upstream to be a feature that does not provide extra security but has a lot of downsides.

Upstream considers this feature to be deprecated (see https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-January/039871.html) 

We need to deprecate this functionality in our products (e.g. in RHEL 10) and need to produce some sort of warning when this option is used, both in code and in documentation.

Comment 2 RHEL Program Management 2023-07-18 07:28:19 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.