Hi, if you connect with xpra to a remote host it will ask for the fingerprint if not already known. Pinentry show's up with a message like "The authenticity of host '<IPv4> can't be established. ed25519 key fingerprint is MD5:<ID> SSHFP validation failed Are you sure you want to continue connecting?" If you accept then every comment will be stripped out of ~/.ssh/known_hosts. An upstream bug is opened (see URL), yet I open this bug here for notification, as this behavior can be pretty annoying. Kind regards, Nils Reproducible: Always
As a workaround writing into the file can be disallowed, which is rather inconvenient though as it prevents also legitimate access to the file: 'chmod -w ~/.ssh/known_hosts'
It is actually a bug in paramiko[1], the underlying ssh library as pointed out by upstream xpra[2]. They also mention to use openssh instead of paramiko as a workaround, using xpra --ssh='ssh', which is way better than my initial read-only approach. [1] https://github.com/paramiko/paramiko/issues/680 [2] https://github.com/Xpra-org/xpra/issues/3266