Bug 1592 - Fingerprints for SSHD host key don't match (local ssh-keygen -l vs. ssh localhost)
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 5.1p1
Hardware: Other Linux
Importance: P2 normal
Assignee: Assigned to nobody
Reported: 2009-04-27 07:30 AEST by doerges
Modified: 2018-04-06 12:26 AEST

Attachments
All files needed to set up test case (4.25 KB, application/x-gzip)
2009-04-27 07:30 AEST, doerges
Description doerges 2009-04-27 07:30:23 AEST
Created attachment 1628
All files needed to set up test case

Problem:

I've come across two host key pairs which do not work correctly:

 -  ssh-keygen -l -f key_A   gives fingerprint fp_A
 -  ssh'ing to an sshd using key_A as host key gives fingerprint fp_B
 -  fp_B != fp_A (actually the ssh client receives a different host key)

The problem occurs with OpenSSH 5.1p (both openSUSE 11.1 and Knoppix 6.1 (Debian based)) and OpenSSH 4.6p1 (openSUSE 10.3).

It's not an MITM. I could reproduce the behavior booting from a clean live Linux CD, ssh'ing to localhost without any other network connections available.

I'm not entirely sure, but I'm guessing the keys were generated with OpenSSH 4.6p1.


Expected behavior:

fp_B == fp_A

or

If the keys are somehow broken, SSHD should tell the user about it.


Reproduce:

The keys in question are in the attachment:
ssh-prob/ssh_host_rsa_key
ssh-prob/ssh_host_dsa_key.pub

ssh-prob/ssh_host_dsa_key
ssh-prob/ssh_host_rsa_key.pub

1.)  Unpack prob.tar.gz
2.)  Start testcase.sh


Example:

$  ./testcase.sh
testcase.sh: Setting up test case in '/tmp/tmp.jxjR9LsMNh' ...          DONE


testcase.sh: Fingerprint for host key is:
1024 37:66:7b:99:ea:09:9a:1d:7e:09:3a:90:3e:d0:86:9b /tmp/tmp.jxjR9LsMNh/ssh_host_rsa_key.pub (RSA)


testcase.sh: Please compare with fingerprint given from 'ssh -p 55555 localhost'


testcase.sh: Starting SSHD ...
debug1: sshd version OpenSSH_5.1p1
[...]


$ ssh -p 55555 localhost
The authenticity of host '[localhost]:55555 ([127.0.0.1]:55555)' can't be established.
RSA key fingerprint is 6a:ef:32:f1:63:c1:db:d2:81:e6:4b:f7:e8:ec:01:4a.
Are you sure you want to continue connecting (yes/no)?
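
The comparison made by eye in the report above, as an added example (not part of the original report and not OpenSSH code): it computes the colon-separated MD5 fingerprint of the key blob in a `.pub` line and of a key line captured from the server, for instance with `ssh-keyscan`, and reports whether the two blobs are identical. The helper `make_rsa_line` and the sample lines `ON_DISK` and `OFFERED` are constructed for the demo and are not the keys from the attachment.

```python
import base64, hashlib

def read_string(blob, off):
    """Read one length-prefixed string (RFC 4251); return (bytes, next offset)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if end > len(blob):  # also catches a cut-off length field
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def parse_key_line(line):
    """Find 'keytype base64' in a .pub, known_hosts or ssh-keyscan line."""
    fields = line.split()
    for name, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            inner, _ = read_string(blob, 0)
        except ValueError:  # not base64, or not a key blob
            continue
        if inner == name.encode():  # declared type must match the blob's own
            return name, blob
    raise ValueError("no public key found in line")

def md5_fingerprint(blob):
    """Colon-separated MD5 of the key blob, the form shown in this report."""
    d = hashlib.md5(blob).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, 32, 2))

def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob (fields: type, e, n)."""
    off = read_string(blob, 0)[1]
    off = read_string(blob, off)[1]
    return int.from_bytes(read_string(blob, off)[0], "big").bit_length()

def compare(pub_line, offered_line):
    """Return (keys identical?, fingerprint on disk, fingerprint offered)."""
    (t1, b1), (t2, b2) = parse_key_line(pub_line), parse_key_line(offered_line)
    return (t1, b1) == (t2, b2), md5_fingerprint(b1), md5_fingerprint(b2)

def make_rsa_line(n, prefix=""):
    """Build a CONSTRUCTED sample line (not a usable RSA key) for the demo."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    mp = lambda x: s(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mp(65537) + mp(n)
    return prefix + "ssh-rsa " + base64.b64encode(blob).decode()

ON_DISK = make_rsa_line((1 << 1023) | 1) + " root@example"
OFFERED = make_rsa_line((1 << 1023) | 3, prefix="[localhost]:55555 ")

if __name__ == "__main__":
    print(compare(ON_DISK, OFFERED))
```

Comparing the decoded blobs, rather than only the printed fingerprints, shows directly whether the file on disk and the running server hold the same key.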
Comment 1 Damien Miller 2016-12-02 13:51:59 AEDT
Can you reproduce this with a more recent OpenSSH version?
Comment 2 doerges 2016-12-02 19:20:43 AEDT
I don't know. Somehow the reproducer seems to be damaged.

$  file prob.tar.gz 
prob.tar.gz: data

$  gunzip prob.tar.gz 
gzip: prob.tar.gz: not in gzip format

$  sha256sum prob.tar.gz 
0b505d2c32adf3b714c5adeb7cc3f6589d3506ee086aa2dc2bddc5e518ba8198  prob.tar.gz
Comment 3 Damien Miller 2017-06-26 21:41:15 AEST
doesn't reproduce
Comment 4 Damien Miller 2018-04-06 12:26:38 AEST
Close all resolved bugs after release of OpenSSH 7.7.