ssh-keygen key length mismatch?

Markus Friedl markus.friedl at
Fri Dec 10 10:27:23 EST 1999


Could you please provide the output from 'ssh -v'?
The warning is _not_ about the server keys (it would say so),
but about your identity-key, I suppose. Try
	ssh-keygen -l -f ~/.ssh/
and it will print 1023 while the file says 1024.

And no, the bug is only in the original Ylonen RSA-code which
is not reused by OpenSSH.  OpenSSH uses OpenSSL for RSA.

I will make the warning more verbose.


On Thu, Dec 09, 1999 at 02:07:42PM -0800, Phil Karn wrote:
> Scenario:
> Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
> Kill and restart sshd
> Remove the old host key from ~/.ssh/known_hosts
> Connect to the host using ssh.
> I get this:
> $ ssh who
> The authenticity of host '' can't be established.
> Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '' to the list of known hosts.
> Warning: keysize mismatch: actual 1023, announced 1024 <------
> I have generated new host keys about a half dozen times now and I get
> the same keysize mismatch message every time. Is this a bug in
> ssh-keygen inherited from the original Ylonen code?
> Simply changing the keysize field in /etc/ssh/ and
> restarting the server doesn't fix the problem. I guess the server gets 
> the size from the private key file, which I can't edit.
> Phil
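
An added example, not part of either message and not OpenSSH code: the comparison the warning reports, applied to RSA public key lines in the SSH protocol 1 text form `[host] bits exponent modulus [comment]`. It assumes "actual" means the bit length of the modulus; `check_rsa1_line` and `report` are hypothetical names, and the moduli are constructed integers, not real keys.

```python
from typing import NamedTuple, Optional


class KeySize(NamedTuple):
    host: Optional[str]
    announced: int  # size field stored in the key line
    actual: int     # bit length of the modulus itself

    @property
    def mismatch(self) -> bool:
        return self.announced != self.actual


def check_rsa1_line(line: str) -> KeySize:
    """Parse '[host] bits exponent modulus [comment]' and size the modulus."""
    fields = line.split()
    host = None
    # known_hosts lines lead with a host name; identity .pub lines do not.
    if fields and not fields[0].isdigit():
        host, fields = fields[0], fields[1:]
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("expected: [host] bits exponent modulus [comment]")
    announced, _exponent, modulus = (int(f) for f in fields[:3])
    return KeySize(host, announced, modulus.bit_length())


# Constructed stand-ins for a product of two 512-bit factors (not primes, not real keys).
SHORT_N = (2**511 + 1) * (2**511 + 3)                    # only top bit of each factor set
FULL_N = (2**511 + 2**510 + 1) * (2**511 + 2**510 + 3)   # top two bits of each factor set

SAMPLE_LINES = [
    f"host.example 1024 35 {SHORT_N}",        # known_hosts style
    f"1024 35 {FULL_N} user@host.example",    # identity.pub style
]


def report(lines):
    """Return one status string per key line, worded like the client warning."""
    out = []
    for line in lines:
        r = check_rsa1_line(line)
        status = "keysize mismatch" if r.mismatch else "ok"
        out.append(f"{status}: actual {r.actual}, announced {r.announced}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LINES)))
```

The first constructed line shows that two 512-bit factors can multiply to a 1023-bit modulus, so a stored size of 1024 disagrees with the value computed from the key.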

More information about the openssh-unix-dev mailing list