Host keys are cached in the plugin's sqlite db. It looks like there is no menu or hotkey to manually delete things from the cache. Cached keys are not deleted when deleting entries. My workaround was to export all entries, delete the sqlite db file, then import everything back and re-validate all server fingerprints.
Not being able to delete things from cache becomes a problem when I want to switch the key algorithm.
/* In the first key exchange, we list all the algorithms we're prepared to cope with,
   but prefer those algorithms for which we have a host key for this host. */
for (i = 0; i < lenof(hostkey_algs); i++) {
    if (have_ssh_host_key(ssh->savedhost, ssh->savedport, hostkey_algs[i]->keytype)) {
        alg = ssh2_kexinit_addalg(s->kexlists[KEXLIST_HOSTKEY], hostkey_algs[i]->name);
        alg->u.hostkey = hostkey_algs[i];
    }
}
/* Then list every algorithm again, so the cached type stays first and the rest are still offered. */
for (i = 0; i < lenof(hostkey_algs); i++) {
    alg = ssh2_kexinit_addalg(s->kexlists[KEXLIST_HOSTKEY], hostkey_algs[i]->name);
    alg->u.hostkey = hostkey_algs[i];
}
This code in PuTTY's ssh.c, added based on wish-hostkey-prefer-cached, means that once a host key with a specific type (RSA, ED25519, EC, DSA) is cached, Netbox will ignore all other types offered by the server, even if they have higher priority in hostkey_algs[]. In general that means existing setups are stuck with RSA forever.
It could be interesting to consider adding some way of dealing with this, especially once PuTTY implements the 2002 wish-hostkey-policy for managing the priority. One quick way might be to add a hotkey, like shift+F8 or something, that would delete the cache for the currently selected entry.
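To make the effect of those two loops concrete, here is an added C illustration (not PuTTY's or Netbox's code) that rebuilds the KEXLIST_HOSTKEY preference list from a constructed hostkey_algs[] table and a constructed set of cached key types; have_cached_key() stands in for have_ssh_host_key(), and the algorithm names and their priority order are assumptions chosen to mirror the shape of the real table.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for PuTTY's hostkey_algs[], highest priority first. */
static const char *const hostkey_algs[] = {
    "ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa", "ssh-dss"
};
#define lenof(x) (sizeof(x) / sizeof((x)[0]))
#define MAX_PREFS (2 * lenof(hostkey_algs))   /* worst case: every type cached */

/* Stand-in for have_ssh_host_key(): is a key of this type cached for the host? */
static bool have_cached_key(const char *const *cached, size_t ncached, const char *alg)
{
    for (size_t i = 0; i < ncached; i++)
        if (strcmp(cached[i], alg) == 0)
            return true;
    return false;
}

/* Build the preference list exactly the way the quoted loops do: first every
 * algorithm that has a cached key, then every algorithm again. Writes into
 * out (which needs MAX_PREFS slots) and returns the number of entries. */
static size_t build_hostkey_prefs(const char *const *cached, size_t ncached,
                                  const char **out)
{
    size_t n = 0;
    for (size_t i = 0; i < lenof(hostkey_algs); i++)
        if (have_cached_key(cached, ncached, hostkey_algs[i]))
            out[n++] = hostkey_algs[i];
    for (size_t i = 0; i < lenof(hostkey_algs); i++)
        out[n++] = hostkey_algs[i];
    return n;
}

/* The type that ends up first in the list, i.e. the one the server will be asked to use. */
static const char *preferred_hostkey(const char *const *cached, size_t ncached)
{
    const char *prefs[MAX_PREFS];
    size_t n = build_hostkey_prefs(cached, ncached, prefs);
    return n ? prefs[0] : NULL;
}

int main(void)
{
    /* Constructed cache state: an old entry that only ever saw the server's RSA key. */
    const char *rsa_only[] = { "ssh-rsa" };
    printf("empty cache -> %s\n", preferred_hostkey(NULL, 0));      /* ssh-ed25519 */
    printf("RSA cached  -> %s\n", preferred_hostkey(rsa_only, 1));  /* ssh-rsa */
    return 0;
}
```

With nothing cached the top-priority type wins; with an RSA key cached, RSA is asked for first even though ED25519 and ECDSA outrank it, which is why clearing the cached entry is the only way to move a host to a new key type.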