Scenario:

Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
Kill and restart sshd
Remove the old host key from ~/.ssh/known_hosts
Connect to the host using ssh.

I get this:

homer.ka9q.ampr.org$ ssh 199.106.106.3 who
The authenticity of host '199.106.106.3' can't be established.
Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '199.106.106.3' to the list of known hosts.
Warning: keysize mismatch: actual 1023, announced 1024      <------

I have generated new host keys about a half dozen times now and I get
the same keysize mismatch message every time. Is this a bug in
ssh-keygen inherited from the original Ylonen code?

Simply changing the keysize field in /etc/ssh/ssh_host_key.pub and
restarting the server doesn't fix the problem. I guess the server gets
the size from the private key file, which I can't edit.

Phil

On Thu, 9 Dec 1999, Phil Karn wrote:

> Scenario:
>
> Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
> Kill and restart sshd
> Remove the old host key from ~/.ssh/known_hosts
> Connect to the host using ssh.
>
> I get this:
>
> homer.ka9q.ampr.org$ ssh 199.106.106.3 who
> The authenticity of host '199.106.106.3' can't be established.
> Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '199.106.106.3' to the list of known hosts.
> Warning: keysize mismatch: actual 1023, announced 1024      <------
>
> I have generated new host keys about a half dozen times now and I get
> the same keysize mismatch message every time. Is this a bug in
> ssh-keygen inherited from the original Ylonen code?

I haven't been able to replicate this. What platform and configure
options are you using?

Regards,
Damien

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Hello,

could you please provide the output from 'ssh -v'.

the warning is _not_ about the server keys (it would say so),
but about your identity-key I suppose. Try

	ssh-keygen -l -f ~/.ssh/identity.pub

and it will print 1023 while the identity.pub file says 1024.

And no, the bug is only in the original Ylonen RSA-code which is not
reused by OpenSSH. OpenSSH uses OpenSSL for RSA.

I will make the warning more verbose.

Markus

On Thu, Dec 09, 1999 at 02:07:42PM -0800, Phil Karn wrote:

> Scenario:
>
> Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key
> Kill and restart sshd
> Remove the old host key from ~/.ssh/known_hosts
> Connect to the host using ssh.
>
> I get this:
>
> homer.ka9q.ampr.org$ ssh 199.106.106.3 who
> The authenticity of host '199.106.106.3' can't be established.
> Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '199.106.106.3' to the list of known hosts.
> Warning: keysize mismatch: actual 1023, announced 1024      <------
>
> I have generated new host keys about a half dozen times now and I get
> the same keysize mismatch message every time. Is this a bug in
> ssh-keygen inherited from the original Ylonen code?
>
> Simply changing the keysize field in /etc/ssh/ssh_host_key.pub and
> restarting the server doesn't fix the problem. I guess the server gets
> the size from the private key file, which I can't edit.
>
> Phil
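
The comparison behind the warning discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH code: it parses protocol 1 RSA public key lines and compares the announced size field with the real bit length of the modulus. It assumes the text layout "<bits> <exponent> <modulus> [comment]" in decimal (with a leading host field in known_hosts); the function names and the sample moduli are constructed for illustration.

```python
from typing import NamedTuple, Optional


class Rsa1Key(NamedTuple):
    announced_bits: int
    exponent: int
    modulus: int


def parse_rsa1_pub(line: str) -> Rsa1Key:
    """Parse '<bits> <exponent> <modulus> [comment]', all decimal.

    A known_hosts entry carries a host field in front; it is skipped.
    """
    fields = line.split()
    if fields and not fields[0].isdigit():
        fields = fields[1:]
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("not an SSH1 RSA public key line")
    return Rsa1Key(*(int(f) for f in fields[:3]))


def keysize_warning(key: Rsa1Key) -> Optional[str]:
    """Return a warning string when the size field disagrees with the modulus."""
    actual = key.modulus.bit_length()
    if actual == key.announced_bits:
        return None
    return f"keysize mismatch: actual {actual}, announced {key.announced_bits}"


# Constructed sample moduli, not real keys (the factors are not prime).
# The product of two 512-bit numbers has either 1023 or 1024 bits,
# depending on how large the factors are.
SHORT_N = (2**511 + 1) * (2**511 + 3)   # 1023-bit product
FULL_N = (2**512 - 1) * (2**512 - 3)    # 1024-bit product
SAMPLES = [
    f"1024 35 {SHORT_N} user@example",    # identity.pub style line
    f"host.example 1024 35 {FULL_N}",     # known_hosts style line
]

if __name__ == "__main__":
    for line in SAMPLES:
        key = parse_rsa1_pub(line)
        print(keysize_warning(key) or f"ok: {key.announced_bits} bits")
```

Editing only the size field of a .pub file changes the announced value, not the modulus, so a check like this keeps reporting the mismatch until the key itself is regenerated.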