[Bug 3627] openssh 9.4p1 does not see RSA keys in know_hosts file.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Oct 28 06:05:12 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3627

--- Comment #8 from openssh bugs <bugzilla at outputservices.com> ---

After putting in the updated hostfile.c and hostfile.h and compiling I
ran the test again.


< user_lamborghini ~/.ssh: > ssh -V
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023


< user_lamborghini ~/.ssh: > ls -l
total 6
-rw-r--r--   1 user user     221 Mar 18  2012 authorized_keys
-rw-r--r--   1 user user      26 Aug 30 10:12 config
-rw-r--r--   1 user user     302 Sep  7 10:57 env

The first time I use ssh 9.4p1 it asks me to accept the remote workstation
RSA key.

< user_lamborghini ~/.ssh: > ssh user at 10.106.101.142
The authenticity of host '10.106.101.142 (10.106.101.142)' can't be
established.
RSA key fingerprint is
SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
yes
Warning: Permanently added '10.106.101.142' (RSA) to the list of known
hosts.
user at 10.106.101.142's password: 

Last login: Fri Oct 27 10:16:43 2023 from 137.106.101.128

user at wrkstn42: ~user at wrkstn42:~$ exit
logout
Connection to 10.106.101.142 closed.



It creates two known_hosts files:  known_hosts  and known_hosts.old

< user_lamborghini ~/.ssh: > ls -l
total 10
-rw-r--r--   1 user user     221 Mar 18  2012 authorized_keys
-rw-r--r--   1 user user      26 Aug 30 10:12 config
-rw-r--r--   1 user user     302 Sep  7 10:57 env
-rw-------   1 user user     792 Oct 27 12:41 known_hosts
-rw-r--r--   1 user user     396 Oct 27 12:41 known_hosts.old

It puts two entries of the remote workstation into the known_hosts
file.

< user_lamborghini ~/.ssh: > more known_hosts*
::::::::::::::
known_hosts
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAux
rrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEa
Z0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAux
rrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEa
Z0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx

It puts one entry in the known_hosts.old file.
::::::::::::::
known_hosts.old
::::::::::::::
10.106.101.142 ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAux
rrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEa
Z0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx

Now I do verbose diagnostics and get this error:

hostfile_read_key: sshkey_read /export/home/user/.ssh/known_hosts:1:
invalid format

for both entries in the known_hosts file.

How can it be an invalid format when ssh is the application placing the
entries?

Below are the verbose diagnostics.

Is there another option / switch I can put on the command line to dump
better diagnostics?
