Bug? between OpenSSH 6.4p1 and 6.5p1 (also 6.6p1)

Pieter Bowman bowman at math.utah.edu
Thu Mar 27 12:19:15 EST 2014


>> ...
>> Are you sure that the ssh-keysign is really OpenSSH 6.6p1's? The error
>> you are getting below is consistent with an old ssh-keysign choking
>> on a key type that it doesn't understand (e.g. Ed25519).
>> ...

I applied the patch to ssh-keysign.c, compiled from scratch and did
the install.  Here are the differences between the log I sent
previously and for the current install (I went ahead and started the
6.6p1 sshd):

25,26c25,26
< debug1: Remote protocol version 2.0, remote software version OpenSSH_6.5
< debug1: match: OpenSSH_6.5 pat OpenSSH* compat 0x04000000
---
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
> debug1: match: OpenSSH_6.6 pat OpenSSH* compat 0x04000000
127c127
< no matching hostkey found
---
> no matching hostkey found for key ED25519 41:cd:e0:03:3f:32:4e:a3:1c:34:b9:c9:8d:cc:d8:d2

So yes, the key in question is the ED25519 key.  The files
/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_ed25519_key.pub
exist.  However, the ED25519 key didn't exist in the
/etc/ssh/ssh_known_hosts file.  Adding that key changes the behavior
some, but I still get the following when running 'ssh <HOST>':

no matching hostkey found for key ED25519 41:cd:e0:03:3f:32:4e:a3:1c:34:b9:c9:8d:cc:d8:d2
ssh_keysign: no reply
key_sign failed
bowman@<HOST>'s password: 
Permission denied, please try again.
bowman@<HOST>'s password: 

Including the spurious password prompt, which doesn't wait for input.

Pieter
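
An added example, not part of the original message or of OpenSSH: a check that lists which local host public keys have no entry for the host in a known_hosts file, printing each with the colon-separated MD5 fingerprint form seen in the log above. The host name, key blobs and all function names are constructed for illustration, and the check covers only the missing-entry condition reported first in the message.

```python
import base64
import hashlib
import struct

def make_blob(key_type, body):
    """Constructed sample key blob: SSH string key_type + SSH string body."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(body)) + body
    return base64.b64encode(raw).decode()

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the decoded blob, the form shown in the log."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def known_keys(known_hosts_text, host):
    """(type, blob) pairs listed for host. Comment, @marker and hashed
    lines are skipped; host patterns (wildcards) are not handled."""
    found = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if host in fields[0].split(","):
            found.add((fields[1], fields[2]))
    return found

def missing_host_keys(pub_lines, known_hosts_text, host):
    """Host public keys (ssh_host_*_key.pub contents) with no matching entry."""
    known = known_keys(known_hosts_text, host)
    missing = []
    for line in pub_lines:
        key_type, blob = line.split()[:2]
        if (key_type, blob) not in known:
            missing.append((key_type, md5_fingerprint(blob)))
    return missing

# Constructed sample data (placeholder bytes, not real keys; hypothetical host).
HOST = "client.example.org"
RSA_BLOB = make_blob("ssh-rsa", bytes(64))
ED_BLOB = make_blob("ssh-ed25519", bytes(range(32)))
PUB_LINES = [f"ssh-rsa {RSA_BLOB} root@client", f"ssh-ed25519 {ED_BLOB} root@client"]
KNOWN_HOSTS = f"# constructed known_hosts\n\n{HOST},192.0.2.10 ssh-rsa {RSA_BLOB}\n"

if __name__ == "__main__":
    for key_type, fp in missing_host_keys(PUB_LINES, KNOWN_HOSTS, HOST):
        print(f"no known_hosts entry for {HOST}: {key_type} {fp}")
```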


More information about the openssh-unix-dev mailing list