On Wed, 26 Mar 2014, Pieter Bowman wrote:
> Here is the output of "ssh -vvv" from both ssh 6.4p1 and 6.6p1 talking
> to the same sshd (6.5p1) and using the same ssh-keysign (6.6p1). I
> know I'm mixing things a bit, but the behavior is the same no matter
> which sshd is being used. I replaced hostname, IP address and home
> directory paths.
Are you sure that the ssh-keysign is really OpenSSH 6.6p1's? The error
you are getting below is consistent with an old ssh-keysign choking
on a key type that it doesn't understand (e.g. Ed25519).
In any case, this patch to ssh-keysign might help us understand what
it happening:
diff --git ssh-keysign.c ssh-keysign.c
index 4b0996f..cf2cbfd 100644
--- ssh-keysign.c
+++ ssh-keysign.c
@@ -150,7 +150,7 @@ main(int argc, char **argv)
struct passwd *pw;
int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data;
- char *host;
+ char *host, *fp;
u_int slen, dlen;
u_int32_t rnd[256];
@@ -236,8 +235,11 @@ main(int argc, char **argv)
break;
}
}
- if (!found)
- fatal("no matching hostkey found");
+ if (!found) {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ fatal("no matching hostkey found for key %s %s",
+ key_type(key), fp);
+ }
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
fatal("key_sign failed");
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
