[Bug 2605] New: ssh-keyscan generates errors in /var/log/secure

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Aug 18 22:01:10 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2605

            Bug ID: 2605
           Summary: ssh-keyscan generates errors in /var/log/secure
           Product: Portable OpenSSH
           Version: 6.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: horsley1953 at gmail.com

On my host system (centos 7) which has
openssh-clients-6.4p1-8.el7.x86_64, if I run ssh-keyscan <target>,
where the target system is fedora 24 with openssh-7.2p2-12.fc24.x86_64,
then the /var/log/secure file on the target system gets this message:

Aug 18 07:45:29 tomh sshd[17626]: fatal: Unable to negotiate with
10.134.30.124 port 36367: no matching host key type found. Their offer:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth]

It clutters up the log something fierce since I have automated tests
running all the time and verifying host keys with ssh-keyscan before
trying to ssh into the system.

It is also mysterious as heck, since the ssh-keyscan does in fact work,
and subsequent ssh commands work, so it looks like something failed,
sends me on a wild goose chase trying to find out what failed, and
eventually leads me here to record this as a bug just in case it really
is a bug (which I'm not sure of at all).

Any simple way to stop these log messages?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list