Bug 3216

Summary: Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
Product: Portable OpenSSH
Reporter: jatjasjem
Component: ssh
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: minor
CC: djm, dtucker
Priority: P5
Version: 7.9p1
Hardware: ARM64
OS: Linux
Bug Depends on: (none)
Bug Blocks: 3217

Attachments:
  Description: Do not prefix "host key changed" message with potentially incorrect key type
  Flags: dtucker: ok+

Description jatjasjem 2020-09-30 04:31:51 AEST
I'm trying to connect to a server that I previously connected to. The last
time I connected to it, ssh used its ECDSA key for host verification. This is
the only key in my known hosts file:

    $ cat ~/.ssh/known_hosts | awk '{print $2}' | uniq
    ecdsa-sha2-nistp256

The server is no longer offering this key. This is what I get when I try to
connect now:

    $ ssh user@host -p 23
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    SHA256:VzEhMh3aw2lqAsZSdLbYJAhwW4yIgUxCRotrMoWqzT9.
    Please contact your system administrator.
    Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/user/.ssh/known_hosts:1
      remove with:
      ssh-keygen -f "/home/user/.ssh/known_hosts" -R "[host]:23"
    RSA host key for [host]:23 has changed and you have requested strict checking.
    Host key verification failed.

I am expecting to get this warning, but the penultimate line sounds wrong to
me. From the point of view of ssh, "RSA host key" shouldn't appear changed; it
didn't know anything about it at all. In fact, the actual RSA key on the 
server never changed. What changed was the type of key offered by the server.

I think the error message should reflect that.

To reproduce, run

    /usr/sbin/sshd -ddd -p 23 -oHostKeyAlgorithms=ecdsa-sha2-nistp256

Connect to let ssh remember the key, then run

    /usr/sbin/sshd -ddd -p 23 -oHostKeyAlgorithms=rsa-sha2-256

Connect again and observe the error.

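The distinction the reporter is asking for (a stored key of the same type that no longer matches, versus a host that is known but has no stored key of the offered type) can be made by looking at the known_hosts entries for the host before deciding what to say. The following is an added example, not code from the bug report or from OpenSSH: it parses known_hosts text (plain and HashKnownHosts-style hashed host tokens) and classifies an offered key into "match", "changed", "type_not_known" or "unknown_host". The known_hosts content, the host "[host]:23" with its key material, and the salt used for the hashed entry are all constructed for the example; wildcard and negated host patterns and @cert-authority/@revoked markers are deliberately not handled.

```python
import base64
import hashlib
import hmac

# Constructed known_hosts content: only an ECDSA key is stored for [host]:23,
# which is the situation described in the bug report (key material is made up).
SAMPLE_KNOWN_HOSTS = """\
# comment line
[host]:23 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBExample
other.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleEd25519Key
"""


def hash_known_host(host: str, salt: bytes) -> str:
    """Build the hashed host token OpenSSH writes when HashKnownHosts is on:
    |1|base64(salt)|base64(HMAC-SHA1(salt, host)). The host string is hashed
    exactly as it would be written, e.g. "[host]:23" for a non-default port."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def _host_matches(field: str, host: str) -> bool:
    """True if the host-name field of a known_hosts line covers `host`."""
    if field.startswith("|1|"):
        parts = field.split("|")  # ['', '1', salt_b64, hash_b64]
        if len(parts) != 4:
            return False
        salt = base64.b64decode(parts[2])
        return hmac.compare_digest(hash_known_host(host, salt), field)
    # Plain entries may list several comma-separated names. Wildcards ("*")
    # and negations ("!") also exist in the real format but are not handled here.
    return host in field.split(",")


def classify_host_key(known_hosts_text: str, host: str,
                      offered_type: str, offered_key: str) -> str:
    """Classify the key a server offered against stored known_hosts entries.

    Returns one of:
      'match'          a stored key of the offered type equals the offered key
      'changed'        a stored key of the offered type exists but differs
      'type_not_known' the host is known, but no stored key has this type
      'unknown_host'   there is no entry for this host at all
    """
    found_same_type = False
    found_any = False
    for raw in known_hosts_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            # @cert-authority / @revoked lines have different semantics; skipped.
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        hosts, key_type, key_b64 = fields[0], fields[1], fields[2]
        if not _host_matches(hosts, host):
            continue
        found_any = True
        if key_type == offered_type:
            found_same_type = True
            if key_b64 == offered_key:
                return "match"
    if found_same_type:
        return "changed"
    if found_any:
        return "type_not_known"
    return "unknown_host"


if __name__ == "__main__":
    # The bug's scenario: the server now offers an RSA key, but only an ECDSA
    # key is stored, so this is a new key type rather than a changed key.
    print(classify_host_key(SAMPLE_KNOWN_HOSTS, "[host]:23",
                            "ssh-rsa", "AAAAB3NzaC1yc2EConstructed"))
```

A client that wants a less confusing message can branch on the result: only "changed" justifies the "has changed" wording, while "type_not_known" means no key of that type was ever trusted for the host, which is what the reporter observed.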
Comment 1 Damien Miller 2020-11-20 14:00:25 AEDT
Created attachment 3455 [details]
Do not prefix "host key changed" message with potentially incorrect key type

Yes, the key type in that error should not be there.
Comment 2 Damien Miller 2020-11-27 14:21:31 AEDT
This has been committed and will be in OpenSSH 8.5
Comment 3 Damien Miller 2021-03-04 09:52:20 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle