Is ssh-keygen generating something incorrectly when port is used?

8.8p1 behaviour, find something when querying without port (but not with port):

$ ssh-keyscan -p24 -H localhost > x
# localhost:24 SSH-2.0-OpenSSH_8.8
# localhost:24 SSH-2.0-OpenSSH_8.8
# localhost:24 SSH-2.0-OpenSSH_8.8
# localhost:24 SSH-2.0-OpenSSH_8.8
# localhost:24 SSH-2.0-OpenSSH_8.8
$ ssh-keygen -F localhost -f x
# Host localhost found: line 1
|1|bgKXcPS8/7Gu205qEvRPtD0keuo=|euMjJeWHk/lrQUj6FFKWs+PMuIs= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA69uUvZ2ytAeV6j+K+XAUcg3VjHDcnCeMJhpHWfbjg19VreEhHF4Q9Mqma52rO7Ek3o2H6HtGoA9xFJkq0Qh8najATJXOgWu5j8Sce0BSHrSgBcjc9qSLFuB0scksc3GtaebNfVW2wkMN2bKIgcUYWr7PoegUb2mPCqA+/9uCNmcTkary7fzlNWGGwfkymqPgnEmQi95fYg3iGngbocmTPYAieQx95naeA2qmAflSo1CkA35uv7XYAHUGb4mM+h02rz8fTyYx6UFahDOMVdRDD5dXhwrqE8w6ZupKOzLgYNwvJsNW6c7iXcGijBSN24dn2KUGqVwHriq6oEei4Gbdpw==
# Host localhost found: line 2
|1|aSrZkQOhADoYhvmgw8uPQOSDxzk=|ddeO9drGbpfJmuiTUCWFtJT7i4w= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAbLZGODREQwfd0w8DRhWZoBYgPnPWDfs7PeLxV+2CpJNTujVAmFUFBdjlIhb7WdtHaZZBV8b0r9X0Ky3qyoYuM=
# Host localhost found: line 3
|1|bm4X5CEL/A2V5NZwjlBC1ZGHcYA=|TYNkBmtPeFC+Zc3y292nEayiGAQ= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBcofK3yv+1Ypo1s4L2sJy9TOBietyTQGIBw+QE+I+F
$ ssh-keygen -F localhost:24 -f x
$
$ ssh -V
OpenSSH_8.8p1, OpenSSL 3.0.1 14 Dec 2021

and 8.9p1 behaviour, nothing is found in "with and without port" variants:

$ ssh-keyscan -p24 -H localhost > x
# localhost:24 SSH-2.0-OpenSSH_8.9
# localhost:24 SSH-2.0-OpenSSH_8.9
# localhost:24 SSH-2.0-OpenSSH_8.9
# localhost:24 SSH-2.0-OpenSSH_8.9
# localhost:24 SSH-2.0-OpenSSH_8.9
$ ssh-keygen -F localhost -f x
$
$ ssh-keygen -F localhost:24 -f x
$
$ ssh -V
OpenSSH_8.9p1, OpenSSL 3.0.1 14 Dec 2021

Now 8.9p1 with x file generated with ssh-keygen 8.8p1 works like this:

ssh-keygen -F localhost -f x8.9

but 8.8p1 with x file generated by ssh-keygen 8.9p1 fails to find anything.
Could you run ssh-keyscan with the debugging verbosity turned up and attach the output for a failed 8.9 session? Adding -vvv to the arguments will do this.
Created attachment 3584
ssh-keyscan -vv -p24 -H localhost

"ssh-keyscan -vv -p24 -H localhost" log
Ah, it's probably the fix for bug #3367
https://github.com/openssh/openssh-portable/commit/e9c71498a08

Before 8.9, ssh-keyscan would not include the port in the hash as ssh does. If you use a non-default port now, then it is included in the hash just as if it was added by "ssh -p24 localhost"

[djm@neko openssh]$ ./ssh-keyscan -Hp 2222 localhost > /tmp/x
# localhost:2222 SSH-2.0-OpenSSH_8.9
[djm@neko openssh]$ ssh-keygen -f /tmp/x -F localhost
[djm@neko openssh]$ ssh-keygen -lf /tmp/x -F "[localhost]:2222"
# Host [localhost]:2222 found: line 1
[localhost]:2222 RSA SHA256:llyZXQpeXErA3hDjef4lD5vVgsKOLEas0tKMrNSheNw
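The lookup behaviour described in the comment above, as an added example that is not part of the original thread and is not OpenSSH code. It assumes the hashed known_hosts field layout |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name)); the helper names and the fixed salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

DEFAULT_PORT = 22

def known_hosts_name(host, port=DEFAULT_PORT):
    """Name form ssh stores: bare host on port 22, "[host]:port" otherwise."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"

def hash_name(name, salt):
    """Build a hashed host field from a plaintext name and a salt."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def matches(hashed_field, name):
    """True if `name` is the exact string that was hashed into the field."""
    parts = hashed_field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a |1|salt|hash field")
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)

def find_name(hashed_field, host, port):
    """Try the three spellings used in the thread; return those that match."""
    candidates = [host, f"{host}:{port}", known_hosts_name(host, port)]
    return [c for c in candidates if matches(hashed_field, c)]

# Constructed sample data: a fixed salt for repeatable output
# (real entries carry a random salt).
SALT = bytes(range(20))
# ssh-keyscan -H before 8.9: the port is left out of the hashed name.
PRE_89 = hash_name("localhost", SALT)
# 8.9 and later: a non-default port is hashed in as "[host]:port".
POST_89 = hash_name(known_hosts_name("localhost", 24), SALT)

if __name__ == "__main__":
    print("pre-8.9 entry matches:", find_name(PRE_89, "localhost", 24))
    print("8.9+ entry matches:   ", find_name(POST_89, "localhost", 24))
```

Because the name is hashed as an exact string, "localhost:24" matches neither entry; only the spelling that was hashed can be found with -F.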
So not a bug and 'localhost:24' is not supported ([] is mandatory). Indeed, works with []:port.
closing bug resolved during openssh-9.0 release cycle