Package: openssh-server
Version: 1:7.1p2-1
Severity: serious
Justification: Package fails to install

Hi!

In contrast to the default version shipped in the package, my /etc/ssh/sshd_config doesn't contain a "Protocol" line since I'm happy with the default (which is '2' according to the man page). However, openssh-server's postinst contains these lines:

     76 host_keys_required() {
     77         hostkeys="$(get_config_option HostKey)"
     78         if [ "$hostkeys" ]; then
     79                 echo "$hostkeys"
     80         else
     81                 # No HostKey directives at all, so the server picks some
     82                 # defaults depending on the setting of Protocol.
     83                 protocol="$(get_config_option Protocol)"
     84                 [ "$protocol" ] || protocol=1,2
     85                 if echo "$protocol" | grep 1 >/dev/null; then
     86                         echo /etc/ssh/ssh_host_key
     87                 fi
    [...]
     95 }
     96
     97
     98 create_key() {
    [...]
    105
    106         if echo "$hostkeys" | grep -x "$file" >/dev/null && \
    107            [ ! -f "$file" ] ; then
    108                 echo -n $msg
    109                 ssh-keygen -q -f "$file" -N '' "$@"
    [...]
    115         fi
    116 }

This results in this:

    root@shepard:~# apt-get -f install
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    1 not fully installed or removed.
    After this operation, 0 B of additional disk space will be used.
    Setting up openssh-server (1:7.1p2-1) ...
    Creating SSH1 key; this may take some time ...Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
    dpkg: error processing package openssh-server (--configure):
     subprocess installed post-installation script returned error exit status 1
    Errors were encountered while processing:
     openssh-server
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    root@shepard:~#

The reason is that this command fails:

    root@shepard:~# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
    Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
    root@shepard:~#

A quick search leads to this upstream bug report:

    https://bugzilla.mindrot.org/show_bug.cgi?id=2369

To sum things up: It seems that the logic in the postinst script which is emulating the "-A" option of ssh-keygen is buggy and therefore ran into the exact same problem as described in the bug report above. Please consider either defaulting to protocol 2 only in the postinst (line 84) or (IMHO better) switch to the "-A" option of ssh-keygen.

Best regards

Alexander Kurtz
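
The fallback logic described in the report, as an added example that is not part of the original message or of the package's postinst: it resolves the required host keys from a config file and takes the fallback protocol list as a parameter, so the "1,2" and "2"-only defaults can be compared. The function names, the sample config and the protocol 2 key paths are assumptions.

```shell
#!/bin/sh
# Added example, not the package's postinst. Function names are hypothetical.

# Print the value(s) of keyword $2 in sshd_config-style file $1.
# Keywords are case-insensitive; "Key value" and "Key=value" are accepted.
config_option() {
    [ -f "$1" ] || return 0
    awk -F '[ \t=]+' -v opt="$2" '
        { sub(/^[ \t]+/, "") }      # drop indentation; awk re-splits fields
        /^#/ || NF < 2 { next }     # skip comments and keywords with no value
        tolower($1) == tolower(opt) {
            sub(/^[^ \t=]+[ \t=]+/, ""); sub(/[ \t]+$/, ""); print
        }' "$1"
}

# Print the host key files needed for config $1. $2 is the protocol list
# assumed when the config has no Protocol line (the postinst used 1,2).
host_keys_for() {
    hostkeys="$(config_option "$1" HostKey)"
    if [ "$hostkeys" ]; then
        echo "$hostkeys"
        return 0
    fi
    # sshd uses the first value it finds for a keyword.
    protocol="$(config_option "$1" Protocol | head -n 1)"
    [ "$protocol" ] || protocol="$2"
    # Match whole list items instead of "grep 1".
    case ",$protocol," in *,1,*)
        echo /etc/ssh/ssh_host_key ;;
    esac
    # Assumed protocol 2 defaults; the page elides this part of the function.
    case ",$protocol," in *,2,*)
        printf '%s\n' /etc/ssh/ssh_host_rsa_key \
            /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key ;;
    esac
}

# Constructed sample: a config with no HostKey and no Protocol line.
demo_dir="$(mktemp -d)"
printf 'Port 22\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
echo "fallback 1,2:"; host_keys_for "$demo_dir/sshd_config" 1,2
echo "fallback 2:";   host_keys_for "$demo_dir/sshd_config" 2
rm -rf "$demo_dir"
```

With the "1,2" fallback the SSH1 key path is the first one listed, which is the key that ssh-keygen in the report can no longer create; with the "2" fallback it is absent.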