[Bug 3627] New: openssh 9.4p1 does not see RSA keys in known_hosts file.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Oct 11 07:45:14 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3627

            Bug ID: 3627
           Summary: openssh 9.4p1 does not see RSA keys in known_hosts
                    file.
           Product: Portable OpenSSH
           Version: 9.4p1
          Hardware: SPARC
                OS: Solaris
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugzilla at outputservices.com

Created attachment 3738
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3738&action=edit
pdf of my issue

I have compiled openssh 9.4p1 using the following compile command:

configure CFLAGS="-g -O3 -L/usr/local/tools/openssh/openssh/openssl/lib/64 -R/usr/local/tools/openssh/openssh/openssl/lib/64 -I/usr/local/tools/openssh/openssh/openssl/include/openssl" \
    CC="gcc -m64" --without-zlib-version-check --without-openssl-header-check \
    --with-pam --prefix=/usr/local/tools/openssh/openssh/openssh

Here is the version:

< user_lamborghini ~/.ssh: > ssh -V
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
< user_lamborghini ~/.ssh: > 

I do not have any known_hosts file in my directory.

< user_lamborghini ~/.ssh: > ls -l
total 6
-rw-r--r--   1 user user     221 Mar 18  2012 authorized_keys
-rw-r--r--   1 user user      26 Aug 30 10:12 config
-rw-r--r--   1 user user     302 Sep  7 10:57 env
< user_lamborghini ~/.ssh: > 

I connect for the first time and it asks me to accept the RSA host key.

< user_lamborghini ~/.ssh: > ssh user@10.106.101.142
The authenticity of host '10.106.101.142 (10.106.101.142)' can't be
established.
RSA key fingerprint is
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
yes
Warning: Permanently added '10.106.101.142' (RSA) to the list of known
hosts.

I finish logging in. 
user@10.106.101.142's password: 

####################################################### 
# 
# WRKSTN42
# 
####################################################### 

WARNING: This is a restricted access server. If you do not have 
explicit permission to access this server, please disconnect 
immediately. Unauthorized access to this system is considered gross 
misconduct and may result in disciplinary action, including revocation 
of network access privileges, immediate termination of employment,
and/or 
prosecution to the fullest extent of the law.  

Last login: Mon Oct  9 11:00:11 2023 from 10.10.10.62
user@wrkstn42:~$ exit
logout
Connection to 10.106.101.142 closed.
< user_lamborghini ~/.ssh: > 

Now I have TWO known_hosts files.  known_hosts and known_hosts.old.

< user_lamborghini ~/.ssh: > ls -l
total 10
-rw-r--r--   1 user user     221 Mar 18  2012 authorized_keys
-rw-r--r--   1 user user      26 Aug 30 10:12 config
-rw-r--r--   1 user user     302 Sep  7 10:57 env
-rw-------   1 user user     792 Oct  9 11:19 known_hosts
-rw-r--r--   1 user user     396 Oct  9 11:19 known_hosts.old
< user_lamborghini ~/.ssh: > more known*

Here are the entries in the known_hosts files:

::::::::::::::
known_hosts
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx

::::::::::::::
known_hosts.old
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
< user_lamborghini ~/.ssh: > 

It is put in the known_hosts two times and known_hosts.old one time.

Now I log into the same workstation again and I get this error:

parse error in hostkeys file


< user_lamborghini ~/.ssh: > ssh -v user@10.106.101.142
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /export/home/user/.ssh/config
debug1: Reading configuration data
/usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve;
disabling
debug1: Connecting to 10.106.101.142 [10.106.101.142] port 22.
debug1: Connection established.
debug1: identity file /export/home/user/.ssh/id_rsa type -1
debug1: identity file /export/home/user/.ssh/id_rsa-cert type -1
debug1: identity file /export/home/user/.ssh/id_ecdsa type -1
debug1: identity file /export/home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /export/home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /export/home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /export/home/user/.ssh/id_ed25519 type -1
debug1: identity file /export/home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /export/home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /export/home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /export/home/user/.ssh/id_xmss type -1
debug1: identity file /export/home/user/.ssh/id_xmss-cert type -1
debug1: identity file /export/home/user/.ssh/id_dsa type -1
debug1: identity file /export/home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.4
debug1: Remote protocol version 2.0, remote software version
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: compat_banner: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat
OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7*
compat 0x04000002
debug1: Authenticating to 10.106.101.142:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w
debug1: /export/home/user/.ssh/known_hosts:1: parse error in hostkeys
file
debug1: /export/home/user/.ssh/known_hosts:2: parse error in hostkeys
file
debug1: load_hostkeys: fopen /export/home/user/.ssh/known_hosts2: No
such file or directory
debug1: load_hostkeys: fopen
/usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_known_hosts:
No such file or directory
debug1: load_hostkeys: fopen
/usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_known_hosts2:
No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file
/export/home/user/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file
/usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_known_hosts
does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file
/usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_known_hosts2
does not exist
The authenticity of host '10.106.101.142 (10.106.101.142)' can't be
established.
RSA key fingerprint is
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
yes
Warning: Permanently added '10.106.101.142' (RSA) to the list of known
hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /export/home/user/.ssh/id_rsa 
debug1: Will attempt key: /export/home/user/.ssh/id_ecdsa 
debug1: Will attempt key: /export/home/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /export/home/user/.ssh/id_ed25519 
debug1: Will attempt key: /export/home/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /export/home/user/.ssh/id_xmss 
debug1: Will attempt key: /export/home/user/.ssh/id_dsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user/.ssh/id_rsa
debug1: Trying private key: /export/home/user/.ssh/id_ecdsa
debug1: Trying private key: /export/home/user/.ssh/id_ecdsa_sk
debug1: Trying private key: /export/home/user/.ssh/id_ed25519
debug1: Trying private key: /export/home/user/.ssh/id_ed25519_sk
debug1: Trying private key: /export/home/user/.ssh/id_xmss
debug1: Trying private key: /export/home/user/.ssh/id_dsa
debug1: Next authentication method: password
user@10.106.101.142's password: 
Authenticated to 10.106.101.142 ([10.106.101.142]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com
want_reply 0
debug1: client_input_hostkeys: searching
/export/home/user/.ssh/known_hosts for 10.106.101.142 / (none)
debug1: client_input_hostkeys: searching
/export/home/user/.ssh/known_hosts2 for 10.106.101.142 / (none)
debug1: client_input_hostkeys: hostkeys file
/export/home/user/.ssh/known_hosts2 does not exist
Learned new hostkey: RSA
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w
/export/home/user/.ssh/known_hosts:1: invalid known_hosts entry
/export/home/user/.ssh/known_hosts:2: invalid known_hosts entry
/export/home/user/.ssh/known_hosts:3: invalid known_hosts entry
Adding new key for 10.106.101.142 to
/export/home/user/.ssh/known_hosts: ssh-rsa
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w
debug1: update_known_hosts: known hosts file
/export/home/user/.ssh/known_hosts2 does not exist
debug1: pledge: fork

I am logged in again for the second time.



####################################################### 
# 
# WRKSTN42
# 
####################################################### 

WARNING: This is a restricted access server. If you do not have 
explicit permission to access this server, please disconnect 
immediately. Unauthorized access to this system is considered gross 
misconduct and may result in disciplinary action, including revocation 
of network access privileges, immediate termination of employment,
and/or 
prosecution to the fullest extent of the law.  

Last login: Mon Oct  9 11:19:56 2023 from 10.10.10.62
user@wrkstn42:~$ exit
logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply
0
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.106.101.142 closed.
Transferred: sent 2252, received 3976 bytes, in 1.7 seconds
Bytes per second: sent 1305.3, received 2304.6
debug1: Exit status 0
< user_lamborghini ~/.ssh: > 

Now I have the entry in the known_hosts four times and the
known_hosts.old two times.


< user_lamborghini ~/.ssh: > more known*
::::::::::::::
known_hosts
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx




::::::::::::::
known_hosts.old
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx


This happens every time.

OpenSSH 9.4p1 is not seeing the RSA keys in the known_hosts files,
even though it puts the entry in the file.

What is happening?

How can I fix this so it only puts the entry in once and reads it when
I log in again?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
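
A standalone check of the known_hosts entries themselves, as an added example that is not part of the original report or of OpenSSH: it parses each line, confirms that the base64 blob decodes and names the declared key type, and counts repeated host/key pairs using the same SHA256 fingerprint form that ssh prints. The sample data is constructed (placeholder key bytes, documentation address 192.0.2.10), and the function names are this example's own.

```python
import base64
import hashlib
import struct
from collections import Counter

def _ssh_string(buf):
    """Read the first length-prefixed string (RFC 4251) of a key blob."""
    if len(buf) < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, 0)
    if len(buf) < 4 + n:
        raise ValueError("truncated string")
    return buf[4:4 + n]

def check_known_hosts(text):
    """Return (entries, problems) for known_hosts content given as text."""
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            problems.append((lineno, "expected: hosts keytype base64-key"))
            continue
        hosts, keytype, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
            inner = _ssh_string(blob).decode("ascii", "replace")
        except ValueError as exc:          # binascii.Error is a ValueError
            problems.append((lineno, f"bad key blob: {exc}"))
            continue
        if inner != keytype:
            problems.append((lineno, "key type does not match blob"))
            continue
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        entries.append((lineno, hosts, keytype, fp))
    return entries, problems

def duplicates(entries):
    """Map (hosts, keytype, fingerprint) -> count for repeated entries."""
    counts = Counter(e[1:] for e in entries)
    return {k: n for k, n in counts.items() if n > 1}

# Constructed sample: two identical entries, a truncated blob, a missing key.
def _s(b): return struct.pack(">I", len(b)) + b
_KEY = base64.b64encode(_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 32)).decode()
SAMPLE = "\n".join([f"192.0.2.10 ssh-rsa {_KEY}"] * 2 + [f"192.0.2.10 ssh-rsa {_KEY[:-7]}", "192.0.2.10 ssh-rsa"])
```

Entries that pass this check are well-formed as far as the file format goes; it does not reproduce the ssh client's own key parsing.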