OpenSSH 8.2 appears to be one key to send the public key and a different key to send the signature?

Terra Frost terrafrost at
Mon Feb 20 04:25:09 AEDT 2023

I'm trying to connect to an SSH server using OpenSSH_8.2p1
Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020 and am seeing some weird
stuff in the logs. In particular, there's this:

debug3: sign_and_send_pubkey: RSA
debug3: sign_and_send_pubkey: signing using rsa-sha2-512

What's weird about that is that the key fingerprints are subtly different:

SHA256:Xss+fkLagMzhqQf    EakymnMzhqQ    N2FnzmZHrGJJFRzXA
SHA256:Xss+fkLagMzhqQf    GgpPlmWuHq8    N2FnzmZHrGJJFRzXA

(I added the spaces to make them more readable)

My question is...  how can this be so?

Here's the code that does that:

But in my cursory reading of the code it looks like those two lines should
be the same - not different.

It's also strange that, despite being different, they're as similar as
they are. With any cryptographic hash I'd expect that changing one
character would change the whole hash *completely* but in this case like
less than half of the hash is being changed? That doesn't make any sense to

Any ideas?

More information about the openssh-unix-dev mailing list
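
How an OpenSSH "SHA256:" fingerprint is derived from an RSA public key blob, and how little two fingerprints share when the keys differ by a single bit. This is an added example, not part of the original post or OpenSSH's own code; the modulus is constructed sample data (not a real key) and the function names are illustrative.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (0x00 prefix if top bit set)."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_blob(e: int, n: int) -> bytes:
    """Wire encoding of an ssh-rsa public key: type name, exponent, modulus."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def fingerprint(blob: bytes) -> str:
    """'SHA256:' + unpadded base64 of SHA-256 over the public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matching_positions(a: str, b: str) -> int:
    """Count of character positions at which two strings agree."""
    return sum(x == y for x, y in zip(a, b))


# Constructed sample modulus: 256 bytes of hash output, not a usable RSA key.
SAMPLE_N = int.from_bytes(hashlib.sha512(b"constructed sample").digest() * 4, "big") | 1


def demo():
    """Fingerprint the sample key and a copy with one modulus bit flipped."""
    fp_a = fingerprint(rsa_blob(65537, SAMPLE_N))
    fp_b = fingerprint(rsa_blob(65537, SAMPLE_N ^ 2))
    return fp_a, fp_b, matching_positions(fp_a[7:], fp_b[7:])


if __name__ == "__main__":
    a, b, same = demo()
    print(a, b, f"{same} of 43 characters match by position", sep="\n")
```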