ssh-keyscan not showing keys

Asked by Roger Green

Hi,

Using Ubuntu 20.04.1, ssh-keyscan doesn't seem to show a key; unsure if this is down to security and interacting with older ssh servers or a bug.

[ub2041serv]ssh-keyscan -t rsa testserv
# testserv:22 SSH-1.99-OpenSSH_3.9p1

And with verbose:

[ub2041serv]ssh-keyscan -v -t rsa testserv
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.* compat 0x01000002
# testserv:22 SSH-1.99-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)

I see the same behavior when running ssh-keyscan against a large number of UNIX/Linux servers.

Can someone help?

Thanks,
Roger

Question information

Language: English
Status: Expired
For: Ubuntu
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

Can you use the command on localhost on one of the remote systems if you SSH over first? Does that work OK?

Roger Green (rogvespa) said :
#2

Hi,

I can ssh to a remote system and use ssh-keyscan ok and it works.

I did a bit more investigation and the issue looks to be the same as this: https://serverfault.com/questions/887442/ssh-keyscan-on-os-x-not-supporting-diffie-hellman-group1-sha1

I have the diffie-hellman algorithms set in the global /etc/ssh/ssh_config file:
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

This works fine when just using ssh to connect to servers but ssh-keyscan doesn't seem to pick up the changes in ssh_config:

debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,<email address hidden>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group4-sha1,diffie-hellman-group1-sha1

Thanks,
Roger
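
The mismatch visible in the debug2 output of post #2, worked through as an added example (not part of the thread and not OpenSSH code): it parses the two KEXINIT proposals, applies a simplified form of the SSH selection rule, and compares the result with what the KexAlgorithms line from /etc/ssh/ssh_config would have produced. The function names are hypothetical, and the sample text is the thread's own output copied verbatim, including Launchpad's "<email address hidden>" redaction.

```python
import re

# Constructed sample: the debug2 lines quoted in post #2, copied verbatim.
KEYSCAN_DEBUG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,<email address hidden>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group4-sha1,diffie-hellman-group1-sha1
"""

# The ssh_config line quoted in post #2.
SSH_CONFIG_LINE = ("KexAlgorithms diffie-hellman-group1-sha1,"
                   "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1")


def parse_kex_proposals(debug_text):
    """Return {'client': [...], 'server': [...]} from debug2 output."""
    proposals, side = {}, None
    for line in debug_text.splitlines():
        line = line.strip()
        m = re.match(r"debug2: (local client|peer server) KEXINIT proposal", line)
        if m:
            side = "client" if m.group(1) == "local client" else "server"
            continue
        m = re.match(r"debug2: KEX algorithms: (\S.*)$", line)
        if m and side and side not in proposals:
            proposals[side] = [a.strip() for a in m.group(1).split(",") if a.strip()]
    return proposals


def negotiate(client, server):
    """Simplified RFC 4253 rule: first client algorithm the server also lists.
    (The host-key capability conditions of the full rule are ignored here.)"""
    server_set = set(server)
    return next((a for a in client if a in server_set), None)


def explain(debug_text, config_line):
    p = parse_kex_proposals(debug_text)
    configured = config_line.split(None, 1)[1].split(",")
    return {
        # What ssh-keyscan's own proposal can agree on with the server.
        "keyscan_choice": negotiate(p["client"], p["server"]),
        # What a client honouring the ssh_config line could agree on.
        "ssh_config_choice": negotiate(configured, p["server"]),
        # Configured algorithms that never appeared in ssh-keyscan's proposal.
        "configured_but_not_offered": [a for a in configured if a not in p["client"]],
    }


if __name__ == "__main__":
    for key, value in explain(KEYSCAN_DEBUG, SSH_CONFIG_LINE).items():
        print(f"{key}: {value}")
```

On the thread's data, `keyscan_choice` is `None`, which corresponds to the `kex: algorithm: (no match)` line in the question, while the configured list would have matched on `diffie-hellman-group1-sha1`.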

Launchpad Janitor (janitor) said :
#3

This question was expired because it remained in the 'Open' state without activity for the last 15 days.