Thanks for the bug report! Steps to reproduce:
$ lxc launch ubuntu-daily:xenial xenial
# edit /etc/ssh/sshd_config and change port to 2222
# service ssh restart
# ip a to note container IP
# exit
$ ssh-keyscan -H -p 2222 <container IP>

The port will be in the output and not hashed as described in the report.

The linked GitHub issue did state there is a workaround by getting the values unhashed and then hashing them in a second step. Not saying this is ideal, but it is a workaround:

$ ssh-keyscan -p 2222 <container IP>
$ ssh-keygen -H -f .ssh/authorized_keys && rm .ssh/authorized_keys.old

Because the man page for ssh-keyscan clearly states that -H will include the hostnames and addresses and makes no mention of port in the hash, I have filed a bug with openssh to get clarity on the expected behavior and if this should be fixed.

** Bug watch added: OpenSSH Portable Bugzilla #2692
   https://bugzilla.mindrot.org/show_bug.cgi?id=2692

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=2692
   Importance: Unknown
   Status: Unknown

https://bugs.launchpad.net/bugs/1670745

Title:
  ssh-keyscan : bad host signature when using port option
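Added example (not part of the original bug comment and not OpenSSH code): a Python check that a known_hosts line is a fully hashed entry for a host on a non-default port, using the |1|salt|hash format, where the hash is HMAC-SHA1 keyed with the salt over the name [host]:port. The address 192.0.2.10, the key string, the sample lines and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HOST, PORT = "192.0.2.10", 2222            # constructed sample values
KEY = "ssh-ed25519 AAAAC3-constructed-key"  # constructed placeholder, not a real key


def host_token(host, port=22):
    """Name looked up in known_hosts: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"


def hash_host(host, port=22, salt=None):
    """Build |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=token))."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def check_line(line, host, port=22):
    """Classify one known_hosts line: 'match', 'no-match' or 'not-hashed'."""
    parts = line.split()[0].split("|")
    # A fully hashed host field is exactly |1|salt|hash with nothing around it,
    # so any clear-text host, bracket or port makes the field 'not-hashed'.
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return "not-hashed"
    try:
        salt = base64.b64decode(parts[2], validate=True)
        want = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return "not-hashed"
    got = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
    return "match" if hmac.compare_digest(got, want) else "no-match"


def demo():
    """Check three constructed lines against [HOST]:PORT."""
    salt = b"\x01" * 20
    good = f"{hash_host(HOST, PORT, salt)} {KEY}"       # hash covers [host]:port
    no_port = f"{hash_host(HOST, 22, salt)} {KEY}"      # hash covers bare host only
    port_visible = f"[{hash_host(HOST, 22, salt)}]:{PORT} {KEY}"  # port in clear text
    return [check_line(l, HOST, PORT) for l in (good, no_port, port_visible)]


if __name__ == "__main__":
    print(demo())
```

Run check_line over the lines ssh-keyscan or ssh-keygen -H produced before trusting them: only 'match' means the entry is both hashed and bound to the port you scanned.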
