missing ssh key in results returned by ssh-keyscan?
in short
[newbie here] Why can't I find my SSH key with which I connect to my server in what is returned by ssh-keyscan -H my_server_address
?
I rent a dedicated server based on Debian 10 (OVH)
The server is configured with an ECDSA SSH key (henceforth named wanax2root
) and I connect without any warning/error message to the server without ever giving the server root password. I use a ssh-agent, feeding it through commands like ssh-add ~/.ssh/wanax1root-key-ecdsa
.
Informations about this SSH key are:
$ ssh-add -l
521 SHA256:1B0ZEojAQH5GJKB9+pTggVEJagOcSH47uHxQ6grmBiM wanax2root (ECDSA)
$ ssh-add -L
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFKLmZ/nafsLpIjm3gtEi95DK952807BCg87H+F2M0iEyBhJ1DFajdVi613/O16PEqroC2EzbKZkBRYZ8z7L7aa4wCbwtNaEBdIQU6yIqHZhR/Prpa1VtB9iLHlDZE9QEQf6GzwoIN/+l3/KYAPHVDTl8wdX0fdNrmkjw47rAPzr96qwA== wanax2root
Everything's ok on serverside, the key is the same:
$ cat /root/.ssh/authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"debian\" rather than the user \"root\".';echo;sleep 10" ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFKLmZ/nafsLpIjm3gtEi95DK952807BCg87H+F2M0iEyBhJ1DFajdVi613/O16PEqroC2EzbKZkBRYZ8z7L7aa4wCbwtNaEBdIQU6yIqHZhR/Prpa1VtB9iLHlDZE9QEQf6GzwoIN/+l3/KYAPHVDTl8wdX0fdNrmkjw47rAPzr96qwA== wanax2root
I had the curiosity to launch a ssh-keyscan -H my_server_address
command before and after my very first logging to this server. Both results are exactly the same, which is normal since (1) the SSH key was already configured by OVH and (2) since I didn't add any other ssh key through ssh-copy-id -i
.
I got the following lines:
# 5.XXX.XXX.XX:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
|1|eSa30X77kCbVk9pvkrOqqVeKjT8=|pIs7jxoQgjI3sGatLQuar/fTCTI= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL1yMDEEG7PiXI6cCIfFdzIVIDRd3cilQYWmel/C3gRV3Dnfsn++GJCvX9XavHJEeEV9vqx6nCdg7q3jJcHo18pqocFM3whQ07CJg7HHQHxPKDTM+X6eUFCZIl//u08yeT+YqttXran3Q4rPpbrIBaCN4M8AleQQhwpTE1wdKTuMZEzXTaY3umL8mf+fedJoDkwKKQAJhHm9xYRgfKf03ylC2R1b6HjjZ9lCwUa/SUul9ZghZLj1uu1ujpZnjksySSksmdgso96iSSObgOATRdtUafDrHd/CcDFybWNIz2pCdFcnT7JZtUovSjqoCMp1Ltx5TyYUKb8KOSx/ahgP5h
# 5.XXX.XXX.XX:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
|1|QPRBXqkMX0AZIJFKQKxNRND3Pr4=|C32YDldW/dFNWN/WxS8EFCSnh9I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDTjzJA4/4IhkgwOtGNOYBE6e7sHYO0TUGKbwF52MS6p+X/0XUYNA7Nv8m4pUd/DqxqM3u8sz9waJHCLu8uEfr4=
# 5.XXX.XXX.XX:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
|1|ubggk67o1Mt6nT0o6jqKlXYEU5s=|aQLlAsU/lSTsKwwqVTVPz5UD3nU= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk9LWiwQWjzXdvpnV5FJyElROVYyzU0bAeAPtMSEJNx
# 5.XXX.XXX.XX:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# 5.XXX.XXX.XX:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
I don't find my SSH key among these lines. Sure there's one ECDSA SSH key, namely:
|1|QPRBXqkMX0AZIJFKQKxNRND3Pr4=|C32YDldW/dFNWN/WxS8EFCSnh9I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDTjzJA4/4IhkgwOtGNOYBE6e7sHYO0TUGKbwF52MS6p+X/0XUYNA7Nv8m4pUd/DqxqM3u8sz9waJHCLu8uEfr4=
but the details seem to indicate that that's not my SSH key, namely:
$ ssh-add -L
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFKLmZ/nafsLpIjm3gtEi95DK952807BCg87H+F2M0iEyBhJ1DFajdVi613/O16PEqroC2EzbKZkBRYZ8z7L7aa4wCbwtNaEBdIQU6yIqHZhR/Prpa1VtB9iLHlDZE9QEQf6GzwoIN/+l3/KYAPHVDTl8wdX0fdNrmkjw47rAPzr96qwA== wanax2root
The documentation didn't help me.
Any help would be welcome ! Where is my SSH key ?
You seem to be confusing the host keys with your personal user keys. These are separate and distinct.
ssh_keyscan
retrieves the host keys for a given host. It does nothing with user keys.