Hi, It's probably this ssh-keyscan change
https://www.openssh.org/releasenotes.html OpenSSH 8.1/8.1p1 (2019-10-09) * ssh-keyscan(1): include SHA2-variant RSA key algorithms in KEX proposal; allows ssh-keyscan to harvest keys from servers that disable old SHA1 ssh-rsa. bz#3029 Cheers, Matt On 2026-01-13 9:17 pm, M Rubon wrote:
I have recently been testing OpenWRT 25.12.0-rc1 which includes Dropbear v2025.89. My dropbear has two ssh host keys, ssh-ed25519 and ssh-rsa. A ssh-keyscan from a older Debian running OpenSSH_7.9p1 Debian-10+deb10u4 is only able to detect the ssh-ed25519 hostkey. No ssh-rsa hostkey is reported. Scan from a variety of newer OpenSSH ssh-keyscans correctly sees both hostkeys. This works properly with Ubuntu 22.04, 24.04 and up to date Raspberry Pi OS. I have tested this on two separate OpenWRT instances, one upgraded from v24 and a separate router with a clean install of 12.12-rc1 Same problem on each dropbear, OpenWRT v24 does not have the same problem. This is not urgent for me, but it is curious. I can provide verbose ssh-keyscan logs if needed. M
