bugzilla-daemon at mindrot.org
2020-Sep-29 18:31 UTC
[Bug 3216] New: Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

            Bug ID: 3216
           Summary: Confusing error "host key ... has changed" when
                    connecting to a server not offering matching host
                    key types
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: ARM64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jatjasjem at gmail.com

I'm trying to connect to a server that I previously connected to. The last time I connected to it, ssh used its ECDSA key for host verification. This is the only key in my known hosts file:

$ cat ~/.ssh/known_hosts | awk '{print $2}' | uniq
ecdsa-sha2-nistp256

The server is no longer offering this key. This is what I get when I try to connect now:

$ ssh user@host -p 23
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:VzEhMh3aw2lqAsZSdLbYJAhwW4yIgUxCRotrMoWqzT9.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:1
  remove with:
  ssh-keygen -f "/home/user/.ssh/known_hosts" -R "[host]:23"
RSA host key for [host]:23 has changed and you have requested strict checking.
Host key verification failed.

I am expecting to get this warning, but the penultimate line sounds wrong to me. From the point of view of ssh, "RSA host key" shouldn't appear changed; it didn't know anything about it at all. In fact, the actual RSA key on the server never changed. What changed was the type of key offered by the server. I think the error message should reflect that.

To reproduce, run

/usr/sbin/sshd -ddd -p 23 -oHostKeyAlgorithms=ecdsa-sha2-nistp256

Connect to let ssh remember the key, then run

/usr/sbin/sshd -ddd -p 23 -oHostKeyAlgorithms=rsa-sha2-256

Connect again and observe the error

--
You are receiving this mail because:
You are watching the assignee of the bug.
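Added example, not part of the original report and not OpenSSH's own code: a Python check over known_hosts text that separates the situation in this report (the host is recorded only under a different key type) from a key that differs for a type already recorded. The name host.example, the key blobs and the result labels are constructed for illustration; wildcard host patterns and @cert-authority/@revoked lines are not evaluated.

```python
import base64, hashlib, hmac

def host_token(host, port=22):
    """Name form ssh records: bare host on port 22, "[host]:port" otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def pattern_matches(pattern, token):
    """Compare one host-field entry, plain or hashed (|1|salt|hash), to token."""
    if not pattern.startswith("|1|"):
        return pattern == token
    try:
        _, _, salt_b64, hash_b64 = pattern.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    except ValueError:          # malformed hashed entry
        return False
    got = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def known_keys(known_hosts_text, host, port=22):
    """Return [(key_type, key_blob, line_no)] recorded for host:port."""
    token, found = host_token(host, port), []
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if any(pattern_matches(p, token) for p in fields[0].split(",")):
            found.append((fields[1], fields[2], line_no))
    return found

def classify(known_hosts_text, host, port, offered_type, offered_blob):
    """Label the offered key against what is recorded (labels are hypothetical)."""
    keys = known_keys(known_hosts_text, host, port)
    if not keys:
        return "new-host"
    same_type = [blob for ktype, blob, _ in keys if ktype == offered_type]
    if offered_blob in same_type:
        return "match"
    # A recorded key of the offered type that differs is a real key change;
    # otherwise the host is known only under other key types (this report).
    return "key-changed" if same_type else "type-not-known"

# Constructed sample mirroring the report: only an ECDSA key is recorded.
ECDSA = base64.b64encode(b"constructed-ecdsa-key").decode()
RSA = base64.b64encode(b"constructed-rsa-key").decode()
SAMPLE = f"[host.example]:23 ecdsa-sha2-nistp256 {ECDSA}\n"

if __name__ == "__main__":
    print(classify(SAMPLE, "host.example", 23, "ssh-rsa", RSA))
```

Either non-matching result still means the connection must not be trusted until the new key is verified out of band; the distinction only tells the operator which question to ask the server's administrator.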
bugzilla-daemon at mindrot.org
2020-Nov-20 03:00 UTC
[Bug 3216] Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|NEW                           |ASSIGNED
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
                 CC|                              |djm at mindrot.org,
                   |                              |dtucker at dtucker.net
   Attachment #3455|                              |ok?(dtucker at dtucker.net)
              Flags|                              |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3455
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3455&action=edit
Do not prefix "host key changed" message with potentially incorrect key type

Yes, the key type in that error should not be there.
bugzilla-daemon at mindrot.org
2020-Nov-20 03:00 UTC
[Bug 3216] Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Blocks|                              |3217

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3217
[Bug 3217] Tracking bug for 8.5 release
bugzilla-daemon at mindrot.org
2020-Nov-20 03:25 UTC
[Bug 3216] Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Attachment #3455|ok?(dtucker at dtucker.net)    |ok+
              Flags|                              |
bugzilla-daemon at mindrot.org
2020-Nov-27 03:21 UTC
[Bug 3216] Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                      |RESOLVED
         Resolution|---                           |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This has been committed and will be in OpenSSH 8.5
bugzilla-daemon at mindrot.org
2021-Mar-03 22:52 UTC
[Bug 3216] Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|RESOLVED                      |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle