Re: [JSch-users] known hosts bug, sort of
From: Stephan C. <ste...@ca...> - 2016-10-15 01:44:40
Sorry to pick up this old topic. I ran into the same problem this week, except my known_hosts file contains ecdsa-sha2-nistp256 keys.

Since OpenSSH also determines the order of the host key algorithms by checking the known_hosts file, I would like you to reconsider adding such an algorithm.

Here is an extract of an OpenSSH debug log:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxxx.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/yyyy/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/yyyy/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from xxxx.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecd...@op...,ecd...@op...,ecd...@op...,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received

I currently fixed this by setting the "server_host_key" config. Nevertheless, this is sub-optimal, as I need to repeat this for every new project that uses JSch. It is prone to break if our IT department decides to change the host key algorithm.

Thanks
Stephan
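An added example, not part of the original post and not JSch's own code: one way to derive the "server_host_key" value from the known_hosts entries for a host, in the spirit of the order_hostkeyalgs line in the log above, instead of hard-coding it per project. The class name and the helpers `prefer` and `applyTo` are hypothetical; it assumes the JSch jar is on the classpath, and the sample algorithm list is constructed.

```java
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class KnownHostsKeyOrder {
    // Move algorithms that already have a known_hosts entry to the front and
    // keep the configured order otherwise. Nothing is added or dropped, so no
    // algorithm gets enabled that the configuration did not already list.
    static String prefer(String configured, Set<String> knownTypes) {
        List<String> known = new ArrayList<>();
        List<String> rest = new ArrayList<>();
        for (String alg : configured.split(",")) {
            (knownTypes.contains(alg) ? known : rest).add(alg);
        }
        known.addAll(rest);
        return String.join(",", known);
    }

    // Hypothetical helper: call before session.connect(). Entries for
    // non-default ports are stored in known_hosts as "[host]:port".
    static void applyTo(JSch jsch, Session session, String host, int port) {
        String name = (port == 22) ? host : "[" + host + "]:" + port;
        HostKey[] keys = jsch.getHostKeyRepository().getHostKey(name, null);
        Set<String> types = new LinkedHashSet<>();
        for (HostKey k : (keys == null ? new HostKey[0] : keys)) types.add(k.getType());
        if (types.isEmpty()) return; // unknown host: keep the configured order
        session.setConfig("server_host_key",
                prefer(session.getConfig("server_host_key"), types));
    }

    public static void main(String[] args) {
        // Constructed input: a sample algorithm list and one stored ECDSA key.
        String configured = "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384";
        Set<String> known = new LinkedHashSet<>(Arrays.asList("ecdsa-sha2-nistp256"));
        System.out.println(prefer(configured, known));
        // Real use (placeholder path, user and host): jsch.setKnownHosts(path);
        // Session s = jsch.getSession(user, host, 22);
        // applyTo(jsch, s, host, 22); s.connect();
    }
}
```

Because the reordering follows whatever key type is stored for the host, strict host key checking keeps working if the server side later switches algorithms and the known_hosts entry is updated to match.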