ssh-keyscan non-standard port broken

micah anderson micah at riseup.net
Tue Oct 13 05:56:27 AEDT 2015


Hello,

If one passes the -p option for a non-standard port to ssh-keyscan when
using the -f option to pull hosts from a file, it results in a
known_hosts entry that is incorrect:

micah@muck$ cat /tmp/try
199.254.238.47 micah.riseup.net,199.254.238.47

ssh-keyscan -t rsa -p 4422 -f /tmp/try > /tmp/known

micah@muck$ cat /tmp/known
[micah.riseup.net,199.254.238.47]:4422 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwv2zUVJbsQWoezgI3JSwCJVyo95lDcq43dXhoLV3l+aDJZu+Yb6hPRFVHOn/XJXrrVsbY30jqBb498rFRcNg+2lrO/lalg33Ek/pjL2GiezRkKl4m/kMHd2wEvf+ZyvWOIg34jGe4ZMJUIAoJg/NOPzGiA05U8FabTK1jB2IsHMX3cnX9qEm0P9qyOc37AO8yTQUeF53CyZ1Vq6/8VYK1Fu8W+Uup0iikfsLFHlhxC4vkg2gEFp8iSp4gBUybIJ0mBcjGpwt+8KTqEHBEkRjWqH3EkacVm/uWQhVWqPNnamxuc0g0Al9L4htd9GhPqHTrnct+uweVzvsLBI99SPRew==

It seems like putting a list of hostnames,ips inside of the [] doesn't
work:

micah@muck:dotfiles$ ssh -oUserKnownHostsFile=/tmp/known micah@micah.riseup.net -p 4422
The authenticity of host '[micah.riseup.net]:4422 ([199.254.238.47]:4422)' can't be established.
RSA key fingerprint is SHA256:CbHIxWJjFKJk5V+G09XeiABqIRTooC646ZfSl7FRp2w.
Are you sure you want to continue connecting (yes/no)?

It should be constructed like this:

[micah.riseup.net]:4422,[199.254.238.47]:4422 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwv2zUVJbsQWoezgI3JSwCJVyo95lDcq43dXhoLV3l+aDJZu+Yb6hPRFVHOn/XJXrrVsbY30jqBb498rFRcNg+2lrO/lalg33Ek/pjL2GiezRkKl4m/kMHd2wEvf+ZyvWOIg34jGe4ZMJUIAoJg/NOPzGiA05U8FabTK1jB2IsHMX3cnX9qEm0P9qyOc37AO8yTQUeF53CyZ1Vq6/8VYK1Fu8W+Uup0iikfsLFHlhxC4vkg2gEFp8iSp4gBUybIJ0mBcjGpwt+8KTqEHBEkRjWqH3EkacVm/uWQhVWqPNnamxuc0g0Al9L4htd9GhPqHTrnct+uweVzvsLBI99SPRew==

which works.

micah
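
Added example, not part of the original post and not OpenSSH code: a filter that rewrites a `[host1,host2]:port` host field into the `[host1]:port,[host2]:port` form the post reports as working, so the entry matches and ssh does not fall back to the unverified-key prompt. The function name `fix_keyscan_hosts`, the sample host names and the placeholder key are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: repair known_hosts host fields written as "[a,b]:port".

fix_keyscan_hosts() {
    # Reads known_hosts lines on stdin, writes repaired lines to stdout.
    awk '
    # Comments and blank lines pass through untouched.
    /^[ \t]*(#|$)/ { print; next }
    {
        # An optional marker such as @cert-authority precedes the host field.
        f = ($1 ~ /^@/) ? 2 : 1
        hosts = $f
        # Only touch a bracketed field that holds a comma-separated list.
        # Plain, hashed and single-host bracketed entries are left alone.
        if (hosts ~ /^\[[^]]*,[^]]*\]:[0-9]+$/) {
            close_at = index(hosts, "]")
            list = substr(hosts, 2, close_at - 2)
            port = substr(hosts, close_at + 2)
            n = split(list, name, ",")
            fixed = ""
            for (i = 1; i <= n; i++) {
                if (name[i] == "") continue      # skip empty list members
                fixed = fixed (fixed == "" ? "" : ",") "[" name[i] "]:" port
            }
            # Assigning a field rejoins the line with single spaces.
            $f = fixed
        }
        print
    }'
}

# Constructed sample line (placeholder key) in the malformed shape from the post.
sample='[host.example.org,192.0.2.10]:4422 ssh-rsa AAAAEXAMPLEKEY'
printf '%s\n' "$sample" | fix_keyscan_hosts
```

Typical use is `ssh-keyscan -t rsa -p 4422 -f /tmp/try | fix_keyscan_hosts > /tmp/known`; compare the resulting fingerprint against one obtained out of band before trusting the file.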


More information about the openssh-unix-dev mailing list