bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-18 12:01 UTC
[Bug 2605] New: ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Bug ID: 2605 Summary: ssh-keyscan generates errors in /var/log/secure Product: Portable OpenSSH Version: 6.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keyscan Assignee: unassigned-bugs at mindrot.org Reporter: horsley1953 at gmail.com On my host system (centos 7) which has openssh-clients-6.4p1-8.el7.x86_64, if I run ssh-keyscan <target>, where the target system is fedora 24 with openssh-7.2p2-12.fc24.x86_64, then the /var/log/secure file on the target system gets this message: Aug 18 07:45:29 tomh sshd[17626]: fatal: Unable to negotiate with 10.134.30.124 port 36367: no matching host key type found. Their offer: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth] It clutters up the log something fierce since I have automated tests running all the time and verifying host keys with ssh-keyscan before trying to ssh into the system. It is also mysterious as heck, since the ssh-keyscan does in fact work, and subsequent ssh commands work, so it looks like something failed, sends me on a wild goose chase trying to find out what failed, and eventually leads me here to record this as a bug just in case it really is a bug (which I'm not sure of at all). Any simple way to stop these log messages? -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-18 12:04 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #1 from Darren Tucker <dtucker at zip.com.au> --- The severity of this message was changed in 7.2. You could either upgrade or backport the patch: https://anongit.mindrot.org/openssh.git/commit/?id=af1f084857621f14bd9391aba8033d35886c2455 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-19 07:21 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jjelen at redhat.com --- Comment #2 from Jakub Jelen <jjelen at redhat.com> --- For Fedora 24, I have repo with the latest openssh version packaged: https://copr.fedoraproject.org/coprs/jjelen/openssh-latest/ It should solve your issue, as pointed out by Darren (note that it was openssh-7.3, which changed the severity). -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-23 00:32 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Tom Horsley from comment #0)> It clutters up the log something fierce since I have automated tests > running all the time and verifying host keys with ssh-keyscan before > trying to ssh into the system.What value are you getting from "verifying host keys with ssh-keyscan before trying to ssh" ? ssh verifies host keys itself. (In reply to Jakub Jelen from comment #2)> It should solve your issue, as pointed out by Darren (note that it > was openssh-7.3, which changed the severity).Oops, right it was 7.3 not 7.2. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-23 09:09 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 --- Comment #4 from Tom Horsley <horsley1953 at gmail.com> --- (In reply to Darren Tucker from comment #3)> What value are you getting from "verifying host keys with > ssh-keyscan before trying to ssh" ? ssh verifies host keys itself.I meant that I make sure they are valid by setting the host key (so systems that have been regenned and have new host keys don't bring the automated scripts to a screeching halt wanting the answers to silly questions :-). -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-28 04:06 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |djm at mindrot.org Resolution|--- |FIXED --- Comment #5 from Damien Miller <djm at mindrot.org> --- This is already fixed in openssh-7.3 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:55 UTC
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2455] New: Regression tests tweaks: keyscan and hostkey_rotation
- [Bug 2523] New: An RSA private key file consistently gives "Badd Passphrase" errors, but worked before
- [Bug 1067] ssh-keyscan does not work with F-Secure SSH 3.2.0 sometimes
- [Bug 3226] New: Feature request: Prempt fingerprint prompt when connecting to new server
- bug in ssh-keyscan.c --