
Bug#468204: marked as done (openssh-server: post-install script doesn't generate server keys)



Your message dated Wed, 27 Feb 2008 17:51:58 +0000
with message-id <20080227175158.GG16526@riva.ucam.org>
and subject line Re: Bug#468204: openssh-server: post-install script doesn't generate server keys
has caused the Debian Bug report #468204,
regarding openssh-server: post-install script doesn't generate server keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
468204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468204
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 4.3p2-9
Severity: important

A 'clean' install of openssh-server package doesn't generate server 
keys, presumably due to changes in how ssh-keygen works. Here's a 
typescript log of the installation (cleaned up a bit, of course):


Script started on Wed 27 Feb 2008 11:11:42 AM CST
phoenix:/home/dave# apt-get install openssh-server

Reading package lists... Done
Building dependency tree... Done

Suggested packages:
  ssh-askpass xbase-clients rssh molly-guard
The following NEW packages will be installed:
  openssh-server
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 222kB of archives.
After unpacking 569kB of additional disk space will be used.

Get:1 http://mirrors.kernel.org etch/main openssh-server 1:4.3p2-9 [222kB]

Fetched 222kB in 10s (20.4kB/s)
Preconfiguring packages ...
Selecting previously deselected package openssh-server.
(Reading database ... 24493 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a4.3p2-9_i386.deb) ...
Setting up openssh-server (4.3p2-9) ...
Creating SSH2 RSA key; this may take some time ...illegal option -- f
Usage: ssh-keygen [options] [key1 key2 ...]

Where `options' are:
 -b nnn         Specify key strength in bits (e.g. 1024)
 -t dsa | rsa   Choose the key type.
 -c comment     Provide the comment.
 -e file        Edit the comment/passphrase of the key.
 -p passphrase  Provide passphrase.
 -P             Assume empty passphrase.
 -?
 -h             Print this help text.
 -q             Suppress the progress indicator.
 -1             Convert a SSH 1.x key.
 -i file        Load and display information on `file'.
 -D file        Derive the public key from the private key 'file'.
 -B number      The number base for displaying key information (default 10).
 -V             Print ssh-keygen version number.
 -r file        Stir data from file to random pool.
 -F file        Dump fingerprint of file.


Creating SSH2 DSA key; this may take some time ...illegal option -- f
Usage: ssh-keygen [options] [key1 key2 ...]

Where `options' are:
 -b nnn         Specify key strength in bits (e.g. 1024)
 -t dsa | rsa   Choose the key type.
 -c comment     Provide the comment.
 -e file        Edit the comment/passphrase of the key.
 -p passphrase  Provide passphrase.
 -P             Assume empty passphrase.
 -?
 -h             Print this help text.
 -q             Suppress the progress indicator.
 -1             Convert a SSH 1.x key.
 -i file        Load and display information on `file'.
 -D file        Derive the public key from the private key 'file'.
 -B number      The number base for displaying key information (default 10).
 -V             Print ssh-keygen version number.
 -r file        Stir data from file to random pool.
 -F file        Dump fingerprint of file.


Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Restarting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key

.

phoenix:/home/dave# exit
Script done on Wed 27 Feb 2008 11:12:08 AM CST

This can be worked around by generating the appropriate keys manually, 
but it's always nice to have these things done by the installer when 
possible.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)



--- End Message ---
--- Begin Message ---
On Wed, Feb 27, 2008 at 11:16:46AM -0600, David E. Smith wrote:
> A 'clean' install of openssh-server package doesn't generate server 
> keys, presumably due to changes in how ssh-keygen works.

Actually, this is due to a local problem with your system. I'll explain:

> Creating SSH2 RSA key; this may take some time ...illegal option -- f
> Usage: ssh-keygen [options] [key1 key2 ...]
> 
> Where `options' are:
>  -b nnn         Specify key strength in bits (e.g. 1024)
>  -t dsa | rsa   Choose the key type.
>  -c comment     Provide the comment.
>  -e file        Edit the comment/passphrase of the key.
>  -p passphrase  Provide passphrase.
>  -P             Assume empty passphrase.
>  -?
>  -h             Print this help text.
>  -q             Suppress the progress indicator.
>  -1             Convert a SSH 1.x key.
>  -i file        Load and display information on `file'.
>  -D file        Derive the public key from the private key 'file'.
>  -B number      The number base for displaying key information (default 10).
>  -V             Print ssh-keygen version number.
>  -r file        Stir data from file to random pool.
>  -F file        Dump fingerprint of file.

This is the output from some other version of ssh-keygen. The one in the
version of openssh against which you reported this bug would say:

Usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to IETF SECSH key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -i          Convert IETF SECSH to OpenSSH key file.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -N phrase   Provide new passphrase.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.

My guess is that this is a local installation of the commercial SSH from
ssh.com.

This is a conflict between two goals. One is that it should be possible
for the system administrator to override tools shipped by Debian by
placing local versions ahead of them in the $PATH. The other is that
Debian packages should install no matter what. Unfortunately it is
difficult to satisfy both of these simultaneously, and in general Debian
opts for the former approach and does not hardcode full paths to tools
used in maintainer scripts.

You should either make sure that local versions of tools do not clash
harmfully with those relied upon by maintainer scripts, or that those
tools are not on the $PATH while installing packages (e.g.
'PATH=/usr/sbin:/usr/bin:/sbin:/bin apt-get install openssh-server').

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]


--- End Message ---
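
The reply above attributes the failure to a local `ssh-keygen` sitting ahead of Debian's in `$PATH`, where the maintainer script picks it up. As an added example (not part of the thread or of the openssh package), this POSIX shell script reports tools whose first `$PATH` match is not the copy in the system directories; the function names and the `SYSTEM_DIRS` variable are assumptions made here, with the default taken from the PATH suggested in the reply.

```shell
#!/bin/sh
# Added example: detect tools shadowed by an earlier $PATH entry.
# SYSTEM_DIRS (assumed name) defaults to the PATH suggested in the reply.
: "${SYSTEM_DIRS:=/usr/sbin:/usr/bin:/sbin:/bin}"

# first_hit PATHLIST TOOL
# Prints the first executable file named TOOL found in the colon-separated
# PATHLIST; exit status 1 if none. Runs in a subshell so that the IFS and
# globbing changes do not leak into the caller.
first_hit() (
    set -f
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means the cwd
        if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
            printf '%s\n' "$dir/$2"
            exit 0
        fi
    done
    exit 1
)

# shadowed_tools PATHLIST TOOL...
# Prints one line per TOOL whose first hit in PATHLIST differs from its first
# hit in SYSTEM_DIRS. Returns 1 if any tool is shadowed, 0 otherwise.
shadowed_tools() {
    st_path=$1
    shift
    st_status=0
    for st_tool in "$@"; do
        # Not present in the system directories: nothing to shadow.
        st_packaged=$(first_hit "$SYSTEM_DIRS" "$st_tool") || continue
        st_active=$(first_hit "$st_path" "$st_tool") || st_active="(not found)"
        if [ "$st_active" != "$st_packaged" ]; then
            printf '%s: PATH resolves to %s, packaged copy is %s\n' \
                "$st_tool" "$st_active" "$st_packaged"
            st_status=1
        fi
    done
    return "$st_status"
}

# Usage, e.g. before installing openssh-server:
#   shadowed_tools "$PATH" ssh-keygen || echo "fix PATH before running apt-get"
```
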
