
Downgrade host key mismatch messages from warning to debug

Stan Hu requested to merge sh-downgrade-host-key-errors into main

In production, we often see SSH key scans requesting host key algorithms that we don't support, such as sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com.

These messages might be useful if someone forgets to configure a host key that should be supported, but most of the time they are noise.

This commit downgrades these messages to debug.

Before

{"correlation_id":"01G3HTQ47S42DXG8TWTFNG273Q","error":"ssh: no common algorithm for host key; client offered: [rsa-sha2-512 rsa-sha2-256 ssh-rsa], server offered: [ssh-ed25519]","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57498","time":"2022-05-20T22:51:53Z"}
{"correlation_id":"01G3HTQ47S42DXG8TWTNEGTJC9","error":"ssh: no common algorithm for host key; client offered: [ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521], server offered: [ssh-ed25519]","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57499","time":"2022-05-20T22:51:53Z"}
{"correlation_id":"01G3HTQ47S42DXG8TWTP4R7WSB","error":"EOF","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57500","time":"2022-05-20T22:51:53Z"}
{"correlation_id":"01G3HTQ47S42DXG8TWTKKYKFP5","error":"ssh: no common algorithm for host key; client offered: [sk-ssh-ed25519@openssh.com], server offered: [ssh-ed25519]","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57502","time":"2022-05-20T22:51:53Z"}
{"correlation_id":"01G3HTQ47S42DXG8TWTQVNG2FJ","error":"ssh: no common algorithm for host key; client offered: [sk-ecdsa-sha2-nistp256@openssh.com], server offered: [ssh-ed25519]","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57501","time":"2022-05-20T22:51:53Z"}

After

{"correlation_id":"01G3HTFDW34DWBDF8X8QRSFFDH","error":"ssh: no common algorithm for host key; client offered: [rsa-sha2-512 rsa-sha2-256 ssh-rsa], server offered: [ssh-ed25519]","level":"debug","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57380","time":"2022-05-20T22:47:41Z"}
{"correlation_id":"01G3HTFDW34DWBDF8X8MSWYYC1","error":"EOF","level":"warning","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57382","time":"2022-05-20T22:47:41Z"}
{"correlation_id":"01G3HTFDW34DWBDF8X8SZM7Y8W","error":"ssh: no common algorithm for host key; client offered: [sk-ecdsa-sha2-nistp256@openssh.com], server offered: [ssh-ed25519]","level":"debug","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57383","time":"2022-05-20T22:47:41Z"}
{"correlation_id":"01G3HTFDW34DWBDF8X8T94F8EM","error":"ssh: no common algorithm for host key; client offered: [ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521], server offered: [ssh-ed25519]","level":"debug","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57381","time":"2022-05-20T22:47:41Z"}
{"correlation_id":"01G3HTFDW34DWBDF8X8M7PN8GJ","error":"ssh: no common algorithm for host key; client offered: [sk-ssh-ed25519@openssh.com], server offered: [ssh-ed25519]","level":"debug","msg":"server: handleConn: failed to initialize SSH connection","remote_addr":"127.0.0.1:57384","time":"2022-05-20T22:47:41Z"}

Relates to #581 (closed)

Edited by Stan Hu
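A log-side triage of the lines shown above, as an added example that is not gitlab-shell's code or part of this merge request. It goes one step beyond the change described: a mismatch is treated as debug noise unless the client offered an algorithm the operator meant to serve, which is the forgotten-host-key case the description mentions. The `Triage` function, the `expected` set and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Error text format as it appears in the log lines on this page.
var mismatch = regexp.MustCompile(`^ssh: no common algorithm for host key; client offered: \[(.*?)\], server offered: \[(.*?)\]$`)

// Triage parses one JSON log line and returns the level its error deserves plus
// the algorithms from expected that the client offered. Since the error means no
// offered algorithm matched, each of those is one the server does not serve.
// expected is an assumption: the host key algorithms the operator meant to serve.
func Triage(line string, expected map[string]bool) (string, []string, error) {
	var e struct {
		Error string `json:"error"`
	}
	if err := json.Unmarshal([]byte(line), &e); err != nil {
		return "", nil, err
	}
	m := mismatch.FindStringSubmatch(e.Error)
	if m == nil {
		return "warning", nil, nil // other handshake failures, e.g. "EOF", stay warnings
	}
	var missing []string
	for _, alg := range strings.Fields(m[1]) {
		if expected[alg] {
			missing = append(missing, alg)
		}
	}
	if len(missing) > 0 {
		return "warning", missing, nil // possibly a forgotten host key: keep it visible
	}
	return "debug", nil, nil // scanner noise
}

func main() {
	expected := map[string]bool{"ssh-ed25519": true, "rsa-sha2-512": true} // assumed intent
	for _, l := range []string{ // constructed lines in the format shown above
		`{"error":"ssh: no common algorithm for host key; client offered: [sk-ssh-ed25519@openssh.com], server offered: [ssh-ed25519]"}`,
		`{"error":"ssh: no common algorithm for host key; client offered: [rsa-sha2-512 rsa-sha2-256 ssh-rsa], server offered: [ssh-ed25519]"}`,
		`{"error":"EOF"}`,
	} {
		fmt.Println(Triage(l, expected))
	}
}
```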
