[Bug 1067] ssh-keyscan does not work with F-Secure SSH 3.2.0 sometimes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Aug 9 21:24:51 EST 2005


           Summary: ssh-keyscan does not work with F-Secure SSH 3.2.0
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dave at cirt.net

For some obscure reason F-Secure's SSH 3.2.0 redirects warnings down the
connection stream, so when you do a ssh connect you will have a response like:

sshd2[4036]: WARNING: Configuration option SshPAMClientPath is deprecated.
sshd2[4036]: WARNING: DNS lookup failed for "".
SSH-2.0-3.2.0 F-SECURE SSH

ssh-keyscan, in the function "congreet" only examines the first line for the SSH
banner. This is different behaviour to the ssh connect command (which checks all
lines in the first 256 bytes) for the SSH banner.

Because of this you cannot use ssh-keyscan against hosts running this flavour of
SSH unless all of the warnings are cleared.

(There may also be a knock on effect to the ssh command if there are a lot of

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list