diff --git a/CHANGELOG b/CHANGELOG
index b90c9796f..24fc33a30 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Made the table returned by ssh1.fetch_host_key contain a "key"
+  element, like that of ssh2.fetch_host_key. This fixed a crash in the
+  ssh-hostkey script reported by Dan Farmer and Florian Pelgrim. The
+  "key" element of ssh2.fetch_host_key now is base64-encoded, to match
+  the format used by the known_hosts file. [David Fifield]
+
 o [Nsock] Handle timers and timeouts via a priority queue (using a heap)
   for improved performance. Nsock now only iterates over events which are
   completed or expired instead of inspecting the entire event set at each
diff --git a/nselib/ssh1.lua b/nselib/ssh1.lua
index 3741aa3c3..61779e88a 100644
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -52,7 +52,7 @@ end
 --- Fetch an SSH-1 host key.
 -- @param host Nmap host table.
 -- @param port Nmap port table.
--- @return A table with the following fields: <code>exp</code>,
+-- @return A table with the following fields: <code>key</code>, <code>exp</code>,
 -- <code>mod</code>, <code>bits</code>, <code>key_type</code>,
 -- <code>fp_input</code>, <code>full_key</code>, <code>algorithm</code>, and
 -- <code>fingerprint</code>.
@@ -102,6 +102,7 @@ fetch_host_key = function(host, port)
       fp_input = mod:tobin()..exp:tobin()
 
       return {exp=exp,mod=mod,bits=host_key_bits,key_type='rsa1',fp_input=fp_input,
+              key=exp:todec()..' '..mod:todec(),
               full_key=exp:todec()..' '..mod:todec(),algorithm="RSA1",
               fingerprint=openssl.md5(fp_input)}
     end