Bug#312312: woody->sarge upgrade updates ssh_host_key, but not ssh_host_key.pub
On Mon, Jul 04, 2005 at 09:18:31PM +1000, Vincent.McIntyre@csiro.au wrote:
> Colin Watson wrote:
> > I think I know what this might be. To confirm, could you compare the
> > actual host key material?
> >
> > ssh-keygen -l -f /etc/ssh/ssh_host_key
> > ssh-keygen -l -f /old/etc/ssh/ssh_host_key
> >
> > I'm betting that they're the same.
>
> yes, they are the same.
> I did an od -c of each and compared. There are only 4 bytes different,
> starting just after the root@hostname bit.
>
> byte#  new  old
> 277    247  *
> 300    235  356
> 301    247  *
> 302    235  356
> (octal)
>
> I want to say - unicode characters? But I don't get it.

It's almost certainly this:

check_idea_key() {
#check for old host_key files using IDEA, which openssh does not support
if [ -f /etc/ssh/ssh_host_key ] ; then
if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 | \
grep -q 'unknown cipher' 2>/dev/null ; then
mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
fi
fi
}

(ignoring the dreadful formatting)

I'll fix this to use a temporary file instead.

Cheers,
--
Colin Watson [cjwatson@debian.org]
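
The probe quoted in the message above runs `ssh-keygen -p` on the installed key, and `ssh-keygen -p` writes the private key file back out, so the check itself changes `ssh_host_key` while leaving `ssh_host_key.pub` alone. The following is an added sketch of the "temporary file" approach mentioned in the message, not the actual openssh package change; the `KEYGEN` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: probe a private copy of the host key so the installed
# key is never rewritten by the check. KEYGEN is a hypothetical override
# hook used for testing; it defaults to the real ssh-keygen.
KEYGEN=${KEYGEN:-ssh-keygen}

# Return 0 if ssh-keygen reports 'unknown cipher' for the key at $1
# (the old IDEA-encrypted format), 1 otherwise. Never modifies $1.
host_key_is_idea() {
    probe_src=$1
    [ -f "$probe_src" ] || return 1
    # mktemp creates the file with mode 0600, so the copy of the
    # private key is not readable by other users.
    probe_tmp=$(mktemp "${TMPDIR:-/tmp}/hostkey.XXXXXX") || return 1
    cat "$probe_src" > "$probe_tmp" || { rm -f "$probe_tmp"; return 1; }
    # Same flags as the original check, but aimed at the copy: any
    # rewrite ssh-keygen performs lands on the temporary file.
    if "$KEYGEN" -p -N '' -f "$probe_tmp" 2>&1 | grep -q 'unknown cipher'; then
        probe_rc=0
    else
        probe_rc=1
    fi
    rm -f "$probe_tmp"
    return "$probe_rc"
}

# Move the private and public halves aside together, and only when the
# probe says the key is unusable; otherwise leave both files untouched.
retire_idea_key() {
    key=$1
    if host_key_is_idea "$key"; then
        mv "$key" "$key.old"
        if [ -f "$key.pub" ]; then
            mv "$key.pub" "$key.pub.old"
        fi
    fi
    return 0
}
```

In a maintainer script this would be called as `retire_idea_key /etc/ssh/ssh_host_key`.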