int128 / gradle-ssh-plugin

Gradle SSH Plugin
https://gradle-ssh-plugin.github.io
Apache License 2.0

"reject HostKey:" error for ecdsa-sha2-nistp256 key but works for ssh-rsa #262

Status: Closed (hisham closed this 7 years ago)

hisham commented 7 years ago

Was getting a "reject HostKey" error when connecting to a host. Saw that I had an "ecdsa-sha2-nistp256" type key for the server in my known hosts file.

Setting "knownHosts = allowAnyHosts" resolved it, but I didn't feel good about that. So what I did was use ssh-keyscan on the host to get the ssh-rsa key for the host and then add that manually to the known hosts file. Now gradle ssh worked without the "knownHosts = allowAnyHosts" config.

I saw issue #55, and that issue seems fixed, but it was still occurring for me. Environment info is below. Are we sure ECDSA is fully supported?

Environment info

gradle-ssh-plugin-2.4.2 (groovy-ssh-2.4.2, jsch-0.1.53, groovy-2.4.4, java-1.8.0_45)

int128 commented 7 years ago

I tested ECDSA support on Ubuntu 14.04 (Circle CI) and a Java-based SSH server, but it may not be perfect. The known_hosts problem confuses many users, so I will add a feature that automatically adds the host key in the next release.

hisham commented 7 years ago

Ok thanks!

int128 commented 7 years ago

The add-host-key feature has been released in 2.6.0. Please try it.

twwwt commented 7 years ago

I'm not sure I completely understand this. Is it correct that currently, if an SSH client uses/prefers an ecdsa-sha2-nistp256 host key, one can only get it to work by using knownHosts = addHostKey(file(...))? If that's correct, this solution is incompatible with strict security policies (which we have): whenever the host keys file does not yet exist or does not yet contain the key for a host, any key that the server sends will be accepted (which is vulnerable to man-in-the-middle attacks).

hisham commented 7 years ago

BTW I am still getting the issue with the latest 2.8.0 plugin.

Env info: gradle-ssh-plugin-2.8.0 (groovy-ssh-2.8.0, jsch-0.1.53, groovy-2.4.4, java-1.8.0_45)

hisham commented 7 years ago

Never mind - it works after adding knownHosts = addHostKey(file("${System.properties['user.home']}/.ssh/known_hosts")) in the settings.
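The strict known_hosts configuration twwwt asks about, next to the two weaker settings mentioned in the thread, as an added example (not code from the plugin's documentation or from any participant). The host name, user and identity path are placeholders; the known_hosts path is the one hisham used, and the plugin version is the 2.8.0 from his environment info.

```groovy
plugins {
    // version from the thread
    id 'org.hidetake.ssh' version '2.8.0'
}

remotes {
    // placeholder host, user and identity file
    web01 {
        host = 'web01.example.com'
        user = 'deploy'
        identity = file("${System.properties['user.home']}/.ssh/id_rsa")
        // Strict mode: only a host key already present in this file is accepted,
        // so a key that was never verified is rejected instead of recorded.
        // Populate the entry out of band before the first Gradle run and compare
        // its fingerprint with one obtained from the server owner, e.g.:
        //   ssh-keyscan -t ecdsa,rsa web01.example.com >> ~/.ssh/known_hosts
        //   ssh-keygen -lf ~/.ssh/known_hosts
        // Both key types are requested because, as hisham reported above, the
        // ssh-rsa entry worked with jsch-0.1.53 where the ecdsa entry did not.
        knownHosts = file("${System.properties['user.home']}/.ssh/known_hosts")
    }
}

// Weaker settings from the thread, shown for contrast only:
//   knownHosts = addHostKey(file("${System.properties['user.home']}/.ssh/known_hosts"))
//     accepts and records whichever key the server presents when no entry exists
//     yet (trust on first use), which is the gap twwwt points out
//   knownHosts = allowAnyHosts
//     disables host key verification entirely

task checkUptime {
    doLast {
        ssh.run {
            session(remotes.web01) {
                println execute('uptime')
            }
        }
    }
}
```

With the strict setting, a missing or mismatched entry fails the task with the same "reject HostKey" error the issue describes, which is the desired signal rather than something to suppress.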