ssh-keygen key length mismatch?
Phil Karn
karn at ka9q.ampr.org
Fri Dec 10 09:07:42 EST 1999
Scenario:
Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
Kill and restart sshd
Remove the old host key from ~/.ssh/known_hosts
Connect to the host using ssh.
I get this:
homer.ka9q.ampr.org$ ssh 199.106.106.3 who
The authenticity of host '199.106.106.3' can't be established.
Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '199.106.106.3' to the list of known hosts.
Warning: keysize mismatch: actual 1023, announced 1024 <------
I have generated new host keys about a half dozen times now and I get
the same keysize mismatch message every time. Is this a bug in
ssh-keygen inherited from the original Ylonen code?
Simply changing the keysize field in /etc/ssh/ssh_host_key.pub and
restarting the server doesn't fix the problem. I guess the server gets
the size from the private key file, which I can't edit.
Phil
More information about the openssh-unix-dev
mailing list