ssh-keygen key length mismatch?

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Fri Dec 10 10:27:23 EST 1999


Hello,

Could you please provide the output from 'ssh -v'?
The warning is _not_ about the server keys (it would say so),
but about your identity-key I suppose. Try
	ssh-keygen -l -f ~/.ssh/identity.pub
and it will print 1023 while the identity.pub file says 1024.

And no, the bug is only in the original Ylonen RSA-code which
is not reused by OpenSSH.  OpenSSH uses OpenSSL for RSA.

I will make the warning more verbose.

Markus

On Thu, Dec 09, 1999 at 02:07:42PM -0800, Phil Karn wrote:
> Scenario:
> 
> Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
> Kill and restart sshd
> Remove the old host key from ~/.ssh/known_hosts
> Connect to the host using ssh.
> 
> I get this:
> 
> homer.ka9q.ampr.org$ ssh 199.106.106.3 who
> The authenticity of host '199.106.106.3' can't be established.
> Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '199.106.106.3' to the list of known hosts.
> Warning: keysize mismatch: actual 1023, announced 1024 <------
> 
> I have generated new host keys about a half dozen times now and I get
> the same keysize mismatch message every time. Is this a bug in
> ssh-keygen inherited from the original Ylonen code?
> 
> Simply changing the keysize field in /etc/ssh/ssh_host_key.pub and
> restarting the server doesn't fix the problem. I guess the server gets 
> the size from the private key file, which I can't edit.
> 
> Phil
> 
> 
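
Added example, not part of either message and not OpenSSH code: a check for the condition the warning reports, comparing the bit count written in an SSH protocol 1 RSA key line ("bits exponent modulus [comment]") with the bit length of the modulus itself. It goes slightly beyond the thread by also accepting known_hosts-style lines with a leading host field; the function names and the sample lines are constructed for illustration and are not real keys.

```python
from typing import Iterable, List, NamedTuple, Optional


class KeySizeReport(NamedTuple):
    host: str       # empty for identity.pub / ssh_host_key.pub style lines
    announced: int  # bit count written in the file
    actual: int     # bit length of the modulus itself

    @property
    def mismatch(self) -> bool:
        return self.announced != self.actual


def check_key_line(line: str) -> Optional[KeySizeReport]:
    """Parse one SSH1 RSA key line; return None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    host = ""
    if not fields[0].isdecimal():  # known_hosts style: host list comes first
        host, fields = fields[0], fields[1:]
    if len(fields) < 3 or not all(f.isdecimal() for f in fields[:3]):
        raise ValueError("expected: [hosts] bits exponent modulus [comment]")
    announced, _exponent, modulus = (int(f) for f in fields[:3])
    if modulus == 0:
        raise ValueError("modulus must be non-zero")
    return KeySizeReport(host, announced, modulus.bit_length())


def find_mismatches(lines: Iterable[str]) -> List[KeySizeReport]:
    """Return a report for every line whose announced size is wrong."""
    reports = (check_key_line(l) for l in lines)
    return [r for r in reports if r is not None and r.mismatch]


# Constructed sample lines: the moduli are placeholders with a chosen
# bit length, not products of primes and not usable as keys.
SAMPLE = [
    "# constructed test data",
    f"1024 35 {(1 << 1023) + 1} user@constructed.example",
    f"1024 35 {(1 << 1022) + 1} user@constructed.example",
    f"host.constructed.example 1024 35 {(1 << 1022) + 3}",
]

if __name__ == "__main__":
    for r in find_mismatches(SAMPLE):
        where = r.host or "(key file)"
        print(f"{where}: keysize mismatch: actual {r.actual}, announced {r.announced}")
```
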