When I use the port option with ssh-keygen, the result is not compatible with ssh known_host file format.
UBUNTU VERSION :
================
lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
BAD :
============
:~/.ssh$ cat /etc/issue
Ubuntu 16.04.1 LTS \n \l
:~/.ssh$ ssh-keyscan -v -p [...port...] -t ecdsa -H [...snip...]
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
# [...snip...]:[...port...] SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Enabling compatibility mode for protocol 2.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: <email address hidden>
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: <email address hidden> MAC: <implicit> compression: none
debug1: kex: client->server cipher: <email address hidden> MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
[|1|BEEwVcggbNPf7fUydgU4O+BDoLg=|9SmWBUxFZkpR70Hqq8uqxLAzXFU=]:[...port...] ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLEde+dZfL0TW6Z9jh+gOkW5fG/qeP9JAejKQXdmg9D7CH4NwMrWDEjXBDDo6iirIPAB6M0uUnK2mDw7uUWXYt8=
==> we see the port number because it is not hashed !
GOOD :
============
rm ~/.ssh/known_hosts
:~/$ ssh -p [...port...] [...snip...]
The authenticity of host '[[...snip...]]:[...port...] ([[...snip...]]:[...port...])' can't be established.
ECDSA key fingerprint is SHA256:b/Jx+y3fNWFqOqTzFRI3XGrz33DBtAFFLmQaYQYFRnM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[[...snip...]]:[...port...],[[...snip...]]:[...port...]' (ECDSA) to the list of known hosts.
[...snip...]@[...snip...]'s password:
:~/$ !cat
cat ~/.ssh/known_hosts
|1|qdg91H9/DMHLO7yGOivI17+WFQI=|B+a6SrzF1GBd3XFvmAvQRnJxLWs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLEde+dZfL0TW6Z9jh+gOkW5fG/qeP9JAejKQXdmg9D7CH4NwMrWDEjXBDDo6iirIPAB6M0uUnK2mDw7uUWXYt8=
|1|8I/vbrBV04VaUF12JXRwxvAL9So=|ToMf+kRwbSeNertVdUVuG3iLdH8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLEde+dZfL0TW6Z9jh+gOkW5fG/qeP9JAejKQXdmg9D7CH4NwMrWDEjXBDDo6iirIPAB6M0uUnK2mDw7uUWXYt8=
==> we cannot see the port number as it is well hashed !
REMARKS :
==============
The same problem has already been reported here (on macOS): https://github.com/ansible/ansible-modules-extras/issues/2651
It seems that the ssh-keyscan version and the open-ssh version differ :
dpkg -l | grep openssh :: ii openssh-client 1:7.2p2-4ubuntu2.1 [...]
ssh-keyscan -v [...] :: debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
It is very annoying because I am trying to manage hand-installed VMs with Ansible. For that I want to automate storing SSH host keys in the known_hosts database. And because of this bug I can't. (ansible KIKIN project in development).
Thank you,
BR,
Gautier HUSSON.
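
A known_hosts audit for the malformed entries shown in this report, as an added example that is not part of the original bug report or of OpenSSH: it flags host fields of the form [|1|...|...]:port and builds correctly hashed entries from unhashed ssh-keyscan output, using the OpenSSH hashed-name format (HMAC-SHA1 over the full "[host]:port" string, keyed with the salt). The host name, port, salt and key blob are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, hmac, os, re

def lookup_name(host, port=22):
    # ssh looks up the bare name on port 22 and "[host]:port" otherwise.
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(name, salt=None):
    # Hashed token: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def token_matches(token, host, port=22):
    # Recompute the HMAC with the token's own salt and compare.
    salt = base64.b64decode(token.split("|")[2])
    return hmac.compare_digest(token, hash_name(lookup_name(host, port), salt))

# The malformed shape from the BAD output: a hash wrapped in [..]:port.
BROKEN = re.compile(r"^\[\|1\|[^|\]]+\|[^|\]]+\]:\d+$")

def audit(known_hosts_text):
    # Return 1-based line numbers whose host field has the broken shape.
    bad = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if fields and not line.startswith("#") and BROKEN.match(fields[0]):
            bad.append(n)
    return bad

def hash_keyscan_line(line, salt=None):
    # Input: one unhashed ssh-keyscan line (scan without -H).
    # Each comma-separated name is hashed whole, port included, on its own line.
    names, rest = line.split(None, 1)
    return ["%s %s" % (hash_name(n, salt), rest.strip()) for n in names.split(",")]

# Constructed sample data: host, port, salt and key blob are placeholders.
SALT = bytes(range(20))
PLAIN = "[vm.example]:2222 ecdsa-sha2-nistp256 AAAAconstructedKeyBlob="
GOOD_LINES = hash_keyscan_line(PLAIN, SALT)
BAD_LINE = "[%s]:2222 ecdsa-sha2-nistp256 AAAAconstructedKeyBlob=" % hash_name("vm.example", SALT)

if __name__ == "__main__":
    print(GOOD_LINES[0])
    print("broken lines:", audit(BAD_LINE + "\n" + GOOD_LINES[0]))
```
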