openssh-client: Hashed keys by ssh-keyscan are not accepted by ssh client.

Karsten Heymann kheymann at
Tue May 20 08:32:30 UTC 2008

Package: openssh-client
Version: 1:4.7p1-8ubuntu1.2
Severity: normal


while trying to preseed my known_hosts file with keys of our servers, i
stumbled upon that

  ssh-keyscan -t rsa,dsa $TARGET,$TARGET_IP > ~/.ssh/known_hosts 
  ssh $TARGET

  (WARNING: overwrites ~/.ssh/known_hosts, use a dedicated test user!)

works just fine (don't need to confirm the hostkey of $TARGET any more),
when creating the recommended hashed hostkeynames with 

  ssh-keyscan -H -t rsa,dsa $TARGET,$TARGET_IP > ~/.ssh/known_hosts 
  ssh $TARGET

I'm still asked by ssh to confirm the hostkey. So there seems to be some
problem with the hashing algorithm in ssh-keyscan.


-- System Information:
Debian Release: lenny/sid
  APT prefers hardy-updates
  APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy-backports'), (500, 'hardy'), (500, 'gutsy')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-16-generic (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser        3.105ubuntu1              add and remove users and groups
ii  debconf [debco 1.5.20                    Debian configuration management sy
ii  dpkg           package maintenance system for Deb
ii  libc6          2.7-10ubuntu3             GNU C Library: Shared libraries
ii  libcomerr2     1.40.8-2ubuntu2           common error description library
ii  libedit2       2.9.cvs.20050518-4        BSD editline and history libraries
ii  libkrb53       1.6.dfsg.3~beta1-2ubuntu1 MIT Kerberos runtime libraries
ii  libncurses5    5.6+20071124-1ubuntu2     Shared libraries for terminal hand
ii  libssl0.9.8    0.9.8g-4ubuntu3.1         SSL shared libraries
ii  passwd         1:       change and administer password and
ii  zlib1g         1:   compression library - runtime

Versions of packages openssh-client recommends:
ii  xauth                         1:1.0.2-2  X authentication utility

-- no debconf information

More information about the ubuntu-users mailing list