$ lxc launch ubuntu-daily:xenial xenial
# edit /etc/ssh/sshd_config and change port to 2222
# service ssh restart
# ip a to note container IP
# exit
$ ssh-keyscan -H -p 2222 <container IP>
The port will be in the output and not hashed as described in the report.
The linked Github issue did state there is a workaround by getting the values unhashed and then hashing them in a second step. Not saying this is ideal, but it is a workaround:
$ ssh-keyscan -p 2222 <container IP>
$ ssh-keygen -H -f .ssh/authorized_keys && rm .ssh/authorized_keys.old
Because the man page for ssh-keyscan clearly states that -H will include the hostnames and addres and makes no mention of port in the hash, I have filed a bug with openssh to get clarity on the expected behavior and if this should be fixed.
Thanks for the bug report!
Steps to reproduce:
$ lxc launch ubuntu-daily:xenial xenial sshd_config and change port to 2222
# edit /etc/ssh/
# service ssh restart
# ip a to note container IP
# exit
$ ssh-keyscan -H -p 2222 <container IP>
The port will be in the output and not hashed as described in the report.
The linked Github issue did state there is a workaround by getting the values unhashed and then hashing them in a second step. Not saying this is ideal, but it is a workaround: _keys && rm .ssh/authorized _keys.old
$ ssh-keyscan -p 2222 <container IP>
$ ssh-keygen -H -f .ssh/authorized
Because the man page for ssh-keyscan clearly states that -H will include the hostnames and addres and makes no mention of port in the hash, I have filed a bug with openssh to get clarity on the expected behavior and if this should be fixed.