© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Building and testing latest released upstream
https:/
autoreconf && ./configure && make -j 4
And Testing local ./ssh-keygen just built.
To make sure lib dependencies are not the one that introduce this I built this on Trusty and Zesty after pulling in the "usual" build dependencies for openssh via "apt-get build-dep openssh".
openssh-7.4p1$ ./ssh-keyscan 10.245.71.133 > ~/.ssh/known_hosts
# 10.245.71.133:22 SSH-2.0-
# 10.245.71.133:22 SSH-2.0-
# 10.245.71.133:22 SSH-2.0-
# Save the initial file with Hosts
openssh-7.4p1$ cp ~/.ssh/known_hosts ~/.ssh/
# Check if keys are known (working)
openssh-7.4p1$ ./ssh ubuntu@
Permission denied (publickey).
# Hash entries
openssh-7.4p1$ ./ssh-keygen -H
/root/.
Original contents retained as /root/.
WARNING: /root/.
Delete this file to ensure privacy of hostnames
# Save the first round of hashes
openssh-7.4p1$ cp ~/.ssh/known_hosts ~/.ssh/
# Check if keys are known (still working)
openssh-7.4p1$ ./ssh ubuntu@
Permission denied (publickey).
# Re-hash breaking the content
openssh-7.4p1$ ./ssh-keygen -H
/root/.
Original contents retained as /root/.
WARNING: /root/.
Delete this file to ensure privacy of hostnames
# Save the re-hashed file
openssh-7.4p1$ cp ~/.ssh/known_hosts ~/.ssh/
# Show the error of hashes now being unknown
openssh-7.4p1$ ./ssh ubuntu@
The authenticity of host '10.245.71.133 (10.245.71.133)' can't be established.
ECDSA key fingerprint is SHA256:
Are you sure you want to continue connecting (yes/no)?
The Test can be driven further, the following loop shows nothing on good systems (no diff after the first hashing), while on broken systems it does rehash (and therefore show diff) over and over again.
for i in $(seq 1 20); do ssh-keygen -H; diff -Naur /root/.