Comment 1 for bug 1670745

Joshua Powers (powersj) wrote :

Thanks for the bug report!

Steps to reproduce:

$ lxc launch ubuntu-daily:xenial xenial
# edit /etc/ssh/sshd_config and change port to 2222
# service ssh restart
# ip a to note container IP
# exit
$ ssh-keyscan -H -p 2222 <container IP>

The port will be in the output and not hashed as described in the report.

The linked GitHub issue did state there is a workaround by getting the values unhashed and then hashing them in a second step. Not saying this is ideal, but it is a workaround:
$ ssh-keyscan -p 2222 <container IP> >> .ssh/known_hosts
$ ssh-keygen -H -f .ssh/known_hosts && rm .ssh/known_hosts.old

Because the man page for ssh-keyscan clearly states that -H will include the hostnames and address and makes no mention of port in the hash, I have filed a bug with OpenSSH to get clarity on the expected behavior and if this should be fixed.
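
An added example, not part of the bug report or of OpenSSH: a Python check that flags host fields left in clear text in known_hosts-format output and verifies a hashed field against a host and port. It assumes the hashed form `|1|salt|HMAC-SHA1(salt, name)` with the name written as `[host]:port` on non-default ports; the function names, salt, key blob and address are constructed for illustration.

```python
import base64
import hashlib
import hmac

def host_token(host, port=22):
    """Name as stored in known_hosts: bare host on port 22, [host]:port otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_host(token, salt):
    """Build a |1|salt|hash field: HMAC-SHA1 keyed with the salt over the name."""
    digest = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def matches(field, host, port=22):
    """True if a hashed host field was derived from this host and port."""
    parts = field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False
    salt = base64.b64decode(parts[2])
    expected = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(parts[3]))

def unhashed_hosts(text):
    """Return every host name that appears in clear text in known_hosts-format text."""
    leaked = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # skip @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):
            leaked.extend(fields[0].split(","))
    return leaked

# Constructed sample: one clear-text entry on port 2222 and its hashed equivalent.
SALT = bytes(range(20))                    # constructed salt, not a real one
KEY = "ssh-ed25519 AAAAC3constructedKeyBlob"
HASHED = hash_host(host_token("192.0.2.10", 2222), SALT)
SAMPLE = "\n".join([
    "# constructed sample in known_hosts format",
    f"[192.0.2.10]:2222 {KEY}",
    f"{HASHED} {KEY}",
])

if __name__ == "__main__":
    print("clear-text hosts:", unhashed_hosts(SAMPLE))
    print("hashed entry matches port 2222:", matches(HASHED, "192.0.2.10", 2222))
```

Running `unhashed_hosts` over saved scan output before merging it into a known_hosts file shows whether any entry still needs the second hashing step.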