[JSch-users] known hosts bug, sort of
Stephan Classen
2016-10-15 01:19:31 UTC
Sorry to pick up this old topic.

I ran into the same problem this week, except my known_hosts file
contains ecdsa-sha2-nistp256 keys.
Since OpenSSH also determines the order of the host key algorithms by
checking the known_hosts file, I would like you to reconsider adding such
an algorithm.

Here is an extract of an OpenSSH debug log:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxxx.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/yyyy/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/yyyy/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from xxxx.com
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-***@openssh.com,ecdsa-sha2-nistp384-cert-***@openssh.com,ecdsa-sha2-nistp521-cert-***@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received


I currently fixed this by setting the "server_host_key" config.
Nevertheless, this is suboptimal, as I need to repeat this for every
new project that uses JSch. It is prone to break if our IT department
decides to change the host key algorithm.

Thanks

Stephan
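The workaround described in the post, generalised so it does not have to be hard-coded per project: this added example (not code from the post or from JSch itself) reads the key types already stored in known_hosts for the target host and puts them first in "server_host_key", in the same spirit as OpenSSH's order_hostkeyalgs. The host name, user and known_hosts path are placeholders.

```java
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.util.LinkedHashSet;

public class KnownHostsOrderedSession {

    /** Builds a server_host_key preference list: key types already recorded in
     *  known_hosts for this host come first, then JSch's defaults as a fallback. */
    static String preferredHostKeyAlgs(JSch jsch, Session session, String host) {
        LinkedHashSet<String> order = new LinkedHashSet<>();
        // For non-standard ports known_hosts stores "[host]:port"; adjust the
        // lookup key accordingly if you connect to something other than 22.
        HostKey[] known = jsch.getHostKeyRepository().getHostKey(host, null);
        if (known != null) {
            for (HostKey hk : known) {
                order.add(hk.getType()); // e.g. "ecdsa-sha2-nistp256"
            }
        }
        // Append the defaults so a host with no entry yet still negotiates a key.
        for (String alg : session.getConfig("server_host_key").split(",")) {
            order.add(alg.trim());
        }
        return String.join(",", order);
    }

    public static void main(String[] args) throws JSchException {
        String host = "xxxx.com";  // placeholder, as in the post
        String user = "git";
        String knownHosts = System.getProperty("user.home") + "/.ssh/known_hosts";

        JSch jsch = new JSch();
        jsch.setKnownHosts(knownHosts);  // must precede getHostKeyRepository() lookups
        Session session = jsch.getSession(user, host, 22);
        session.setConfig("server_host_key", preferredHostKeyAlgs(jsch, session, host));
        // Keep strict checking on: the point is to negotiate the key type we can
        // verify, not to bypass verification when the offered type is unknown.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.connect();
        session.disconnect();
    }
}
```

If the server later switches to a key type that is not yet in known_hosts, the connection fails at the host key check rather than silently trusting a new key, which is the behaviour you want.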
