Digging a bit further, I think this arises because ssh-keysign punts off all its host key processing to openSSL, but openSSL does not support ED25519 keys.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1389167 Title: HostbasedAuthentication produces spurious warnings Status in “openssh” package in Ubuntu: New Bug description: Ubuntu 14.04.1 LTS openssh-client 1:6.6p1-2ubuntu2 We have HostbasedAuthentication set up in our environment so that users can ssh between equivalent hosts without a password. ssh_config contains (relevantly) HostbasedAuthentication yes PreferredAuthentications publickey,hostbased,password,keyboard-interactive EnableSSHKeysign yes sshd_config contains (relevantly) HostbasedAuthentication yes This works: ocelot:~$ ssh othermc othermc:~$ However, ssh-ing as an alternative user produces additional warning messages before the expected password prompt: ocelot:~$ ssh otheruser@othermc no matching hostkey found ssh_keysign: no reply key_sign failed otheruser@othermc's password: If instead of relying on EnableSSHKeysign in ssh_config I make the ssh binary setuid: chmod u+s /usr/bin/ssh ...the extra warnings go away and I get what I expect: ocelot:~$ ssh otheruser@othermc otheruser@othermc's password: This makes me suspect that there may be a problem with ssh-keysign. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1389167/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
