On Wed, 26 Mar 2014, Pieter Bowman wrote: > Here is the output of "ssh -vvv" from both ssh 6.4p1 and 6.6p1 talking > to the same sshd (6.5p1) and using the same ssh-keysign (6.6p1). I > know I'm mixing things a bit, but the behavior is the same no matter > which sshd is being used. I replaced hostname, IP address and home > directory paths. Are you sure that the ssh-keysign is really OpenSSH 6.6p1's? The error you are getting below is consistent with an old ssh-keysign choking on a key type that it doesn't understand (e.g. Ed25519). In any case, this patch to ssh-keysign might help us understand what it happening: diff --git ssh-keysign.c ssh-keysign.c index 4b0996f..cf2cbfd 100644 --- ssh-keysign.c +++ ssh-keysign.c @@ -150,7 +150,7 @@ main(int argc, char **argv) struct passwd *pw; int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; u_char *signature, *data; - char *host; + char *host, *fp; u_int slen, dlen; u_int32_t rnd[256]; @@ -236,8 +235,11 @@ main(int argc, char **argv) break; } } - if (!found) - fatal("no matching hostkey found"); + if (!found) { + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fatal("no matching hostkey found for key %s %s", + key_type(key), fp); + } if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) fatal("key_sign failed"); _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev