ssh-keygen key length mismatch?

Phil Karn karn at
Fri Dec 10 09:07:42 EST 1999


Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
Kill and restart sshd
Remove the old host key from ~/.ssh/known_hosts
Connect to the host using ssh.

I get this:$ ssh who
The authenticity of host '' can't be established.
Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' to the list of known hosts.
Warning: keysize mismatch: actual 1023, announced 1024 <------

I have generated new host keys about a half dozen times now and I get
the same keysize mismatch message every time. Is this a bug in
ssh-keygen inherited from the original Ylonen code?

Simply changing the keysize field in /etc/ssh/ and
restarting the server doesn't fix the problem. I guess the server gets 
the size from the private key file, which I can't edit.


More information about the openssh-unix-dev mailing list