
Bug#879969: ssh-keygen confused by ssh1 keys in known_hosts



Package: openssh-client
Version: 1:7.6p1-2
Severity: minor


ssh-keygen refuses to edit my known_hosts file because:

    $ ssh-keygen -f kh -R foo
    kh:17: invalid line
    kh:146: invalid line
    kh is not a valid known_hosts file.
    Not replacing existing known_hosts file because of errors

Those "invalid lines" are rsa1 keys:

    rs.site,10.4.4.45 1024 35 120827615620379168038156516080013624848700791268368119108785611376697029075954168094441677159367035018806129401832284850511192692275527462656470026121334403761902147037130809809803347554587276791586677089854981982248968857488459287470369817017855272224015513609748298558561687103816296851327327397457764845141
    foo-net1 512 65537 12916953485480363298334219922262685358649329403718569541545235269691512584713088346570238216084763622340697442750588053760444848729916916068416583187159093

(Yep, a managed switch from around 2006 used a 512-bit rsa1 host key!)

Even though we no longer support protocol 1, it seems normal for a
known_hosts file to still have such entries in it.  Would be nice if
ssh-keygen could still parse (or ignore) those lines.

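An added example, not part of the bug report or of OpenSSH: one way to find the protocol 1 entries described above (host list followed by three decimal fields: bits, exponent, modulus) and write a copy of the file without them. The function names and the sample entries are hypothetical and constructed for illustration.

```python
"""Separate legacy SSH protocol 1 (rsa1) entries from a known_hosts file."""
import re
import sys

# SSH1 layout: hosts, key bits, public exponent, modulus, all in decimal.
# Protocol 2 lines carry a key type name and base64 blob instead.
RSA1_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)(?:\s.*)?$", re.ASCII)

# Constructed sample; the numbers and blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "old-switch.example,192.0.2.45 1024 35 1208276156203791680381",
    "git.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER",
    "lab-net1 512 65537 129169534854803632983342",
    "|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER",
])


def parse_rsa1(line):
    """Return (hosts, bits) for an rsa1 entry, or None for anything else."""
    if line.lstrip().startswith("#"):
        return None  # comments are never key entries
    m = RSA1_RE.match(line)
    return (m.group(1), int(m.group(2))) if m else None


def split_known_hosts(text):
    """Return (kept_lines, legacy) with legacy as [(lineno, hosts, bits)]."""
    kept, legacy = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = parse_rsa1(line)
        if entry is None:
            kept.append(line)  # comments, blanks and protocol 2 keys stay
        else:
            legacy.append((lineno, *entry))
    return kept, legacy


if __name__ == "__main__":
    # With a path argument, filter that file; otherwise run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    kept, legacy = split_known_hosts(text)
    for lineno, hosts, bits in legacy:
        print(f"line {lineno}: rsa1 key, {bits} bits, hosts {hosts}", file=sys.stderr)
    print("\n".join(kept))  # cleaned file on stdout; the original is untouched
```

The cleaned output goes to stdout and the removed entries are listed on stderr with their original line numbers, so the dropped host keys can be reviewed before the filtered copy replaces anything.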