[Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?
Craig Rodrigues
rodrigc at crodrigues.org
Sat Jan 21 16:58:04 MST 2017
On Fri, Jan 20, 2017 at 10:21 PM, Glyph Lefkowitz <glyph at twistedmatrix.com>
wrote:
>
>
> I finally got around to trying this, and was baffled as to why the
> behavior wasn't different between trunk and trunk-with-merged-PRs; then I
> realized the commits from both were already in trunk :-). Seems to work
> great now vs. 16.0 - thank you for fixing this!
>
>
Many thanks to the0id Abhishek Choudhary for doing this to add ECDSA
support to conch.
I just fixed up some of the rough edges in conch.
One minor thing I noticed about conch that deviates from the OpenSSH client
is that conch wants to write two entries in ~/.ssh/known_hosts for each
host it
connects to:
- one entry for the hostname
- one entry for the IP address
If the entry doesn't exist already, then the encoded form of the hostname
is written, so it looks like:
|1|8QluEPLDr6TMoscEvJPcpzFGhGo=|5wLvN+5WhahGWukK2XtBFd/tjaQ=
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBmhQ2+fYcGOOdLqOsRQ5wzvQjP9K1tpF9+UTwLi9UIBIWOySfJBDtkZvycrIYcNolofySA//ffJA4ka0EvfAbg=
|1|EHrWwxCedWehiySnBrsY8YW/9TE=|uDqYMkrF0rvXgQIdDsUhBgPzKEo=
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBmhQ2+fYcGOOdLqOsRQ5wzvQjP9K1tpF9+UTwLi9UIBIWOySfJBDtkZvycrIYcNolofySA//ffJA4ka0EvfAbg=
This seems quite weird to me, and I'm not sure why this behavior was
implemented
differently from the OpenSSH client.
I didn't change this behavior, though.
--
Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20170121/7f54e398/attachment-0002.html>
More information about the Twisted-Python
mailing list