ssh-keyscan hashed output with ports
Charlie Smurthwaite
charlie at atech.media
Fri Oct 12 21:33:46 AEDT 2018

Hi,

I am using a Linux build of OpenSSH portable. I have been struggling
today with intermittently not being able to use "ssh-keygen -F" to find
hosts in my known_hosts file in the case where the file is hashed and
the remote server uses a non-standard port.

The reason for this turns out to be that ssh-keyscan does not include
port numbers when hashing its output. This is inconsistent with the ssh
client, which does include the port when writing hashed entries to
known_hosts.

The OpenSSH client works around this by searching the hosts file for
entries both with and without the port number; however, this behaviour
does not seem ideal, particularly in the case of attempting to use
"ssh-keygen -F" to check for entries manually.

I believe the solution would be to change keyprint_one() in
ssh-keyscan.c to generate hashes using host_hash(hostport, NULL, 0)
rather than host_hash(host, NULL, 0).

I have not tested this fix but thought I would defer to the opinion of
the developers. Thank you,

Charlie
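
The mismatch described in the message above, as an added example that is not part of the original post or of OpenSSH's code: a hashed known_hosts host field is `|1|base64(salt)|base64(HMAC-SHA1(salt, name))`, so an entry hashed over the bare host cannot match a lookup for `[host]:port`. The host name, port, key blob and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix of a hashed known_hosts host field


def hash_host(name, salt=None):
    """Return |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def matches(field, name):
    """True if the hashed host field was computed over exactly `name`."""
    if not field.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, mac_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # wrong field count or bad base64
        return False
    got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def host_port(host, port):
    """Name form used for non-default ports: [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"


def find(lines, host, port=22):
    """Hypothetical single-name lookup: hash only the name asked for."""
    name = host_port(host, port)
    return [ln for ln in lines if ln.split() and matches(ln.split()[0], name)]


# Constructed sample entries; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 CONSTRUCTED_KEY_BLOB"
HOST_ONLY = hash_host("host.example") + " " + KEY          # hashed over host
WITH_PORT = hash_host("[host.example]:2222") + " " + KEY   # hashed over hostport

if __name__ == "__main__":
    for label, entry in (("host only", HOST_ONLY), ("host+port", WITH_PORT)):
        print(label, "found for port 2222:", bool(find([entry], "host.example", 2222)))
```

Because each entry carries its own random salt, the only way to test a hashed line is to recompute the HMAC over a candidate name, which is why the name form used at hashing time has to agree with the one used at lookup time.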