Bug 2692

Summary: Hash does not include the port
Product: Portable OpenSSH
Reporter: Josh Powers <josh.powers>
Component: ssh-keyscan
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: minor
CC: djm, dtucker
Priority: P5
Version: 7.4p1
Hardware: Other
OS: Linux
Bug Depends on:
Bug Blocks: 2647
Attachments:
  include port in ssh-keyscan hash (flags: dtucker: ok+)

Description Josh Powers 2017-03-09 04:55:49 AEDT
This was reported to Ubuntu and I wanted to follow up with the openssh maintainers as to the expected behavior to verify if this is in fact a bug.

When running an ssh-keyscan with the -H option on a custom port, the port is not included in the hash and is in plain text. For example:
$ ssh-keyscan -H -p 2222 10.10.10.10
[|1|HASHED_IP]:2222 ssh-rsa MY_RSA_KEY

If, however, I run ssh-keygen without the -H and then come back with ssh-keygen, it will hash the port:
$ ssh-keyscan -p 2222 10.10.10.10 > ~/.ssh/authorized_keys
[10.10.10.10]:2222 ssh-rsa MY_RSA_KEY
$ ssh-keygen -H -f ~/.ssh/authorized_keys
$ cat ~/.ssh/authorized_keys
|1|HASHED_IP_AND_PORT ssh-rsa MY_RSA_KEY

Should ssh-keyscan also be hashing the port?
Comment 1 Damien Miller 2017-03-10 13:42:31 AEDT
Created attachment 2956
include port in ssh-keyscan hash

ssh-keyscan is in error here. It's supposed to include the port in the hash as ssh and ssh-keygen do.
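Added example, not part of the bug thread or of OpenSSH's code: a Python sketch of the hashed known_hosts name format (`|1|base64(salt)|base64(HMAC-SHA1(salt, name))`, where the name is `[host]:port` for a non-default port), showing why the `[|1|...]:2222` form from the report does not match a lookup and how to flag such lines. The function names, the fixed salt and the `hash-with-cleartext-port` label are constructed for illustration.

```python
import base64
import hashlib
import hmac

def host_string(host, port=22):
    """Name that gets hashed: bare host on port 22, "[host]:port" otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_host(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def hashed_field_matches(field, host, port=22):
    """True if a hashed known_hosts host field was computed over host and port."""
    if not field.startswith("|1|"):
        return False  # not in hashed form, e.g. the "[|1|...]:2222" output
    try:
        salt_b64, mac_b64 = field[3:].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # wrong number of parts or invalid base64
        return False
    want = hmac.new(salt, host_string(host, port).encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, want)

def classify(field):
    """Label a host field so entries with the port left in clear can be found."""
    if field.startswith("|1|"):
        return "hashed"
    if field.startswith("[|1|") and "]:" in field:
        return "hash-with-cleartext-port"  # form shown in the report
    return "plain"

# Constructed sample data: fixed salt so the output is reproducible.
SALT = bytes(range(20))
FIXED = hash_host(host_string("10.10.10.10", 2222), SALT)   # port inside the hash
BUGGY = "[" + hash_host("10.10.10.10", SALT) + "]:2222"     # port outside the hash

if __name__ == "__main__":
    for f in (FIXED, BUGGY):
        print(classify(f), hashed_field_matches(f, "10.10.10.10", 2222), f)
```

Lines classified as `hash-with-cleartext-port` can be regenerated with a fixed ssh-keyscan, or rescanned without -H and hashed with `ssh-keygen -H` as in the report.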
Comment 2 Damien Miller 2017-03-10 14:18:39 AEDT
Patch applied. This will be in OpenSSH 7.5, due soon.
Comment 3 Damien Miller 2018-04-06 12:26:39 AEST
Close all resolved bugs after release of OpenSSH 7.7.