
Bug#845042: openssh-server: Generates invalid ecdsa host keys



On Sat, 19 Nov 2016, Colin Watson wrote:

> On Sat, Nov 19, 2016 at 07:37:54PM +0100, Santiago Vila wrote:
> > On some systems, openssh-server postinst fails to generate correct
> > ECDSA host keys:
> [...]
> > ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKXa7AmJqSutzd/0xiKpHUb9Od0FZmGBOW7CowUItSeoa2Y7mz/K5V/PLUy6Xr/pxcMvIVMIwR4dt67ZPxSobHk= root@mymachine
> 
> It appears to be a problem with reading (and fingerprinting) the public
> key rather than with generating it, perhaps?  At least, if I save that
> public key to bad-ecdsa.pub and run "ssh-keygen -l -f ./bad-ecdsa.pub"
> here, it seems quite happy with it.  That suggests that the output of
> "ssh-keygen -vvv -l -f /etc/ssh/ssh_host_ecdsa_key.pub" on a system that
> doesn't work would be of some use, perhaps under valgrind.

# ssh-keygen -vvv -l -f /etc/ssh/ssh_host_ecdsa_key.pub
debug1: /etc/ssh/ssh_host_ecdsa_key.pub:1: not a public key
/etc/ssh/ssh_host_ecdsa_key.pub is not a public key file.

I'll try with valgrind, but first I'll try memtest when nobody is
using the host machine to be sure this is not a hardware problem.

The slow disk I/O in this virtual machine was the result of having
the VT feature disabled in the BIOS. Now it's working as expected
and the postinst still generates wrong ssh keys (so those two things
do not seem to be related after all).

Will continue to investigate.

Thanks.
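
An independent check of a .pub line, useful for telling a malformed key file apart from a problem in the reader, which is the question raised in this thread. This is an added example, not part of the original message and not OpenSSH code; the function names are hypothetical and the sample lines are constructed from the P-256 base point, not taken from any host.

```python
import base64

# NIST P-256 parameters: y^2 = x^3 - 3x + B (mod P); (GX, GY) is the base point.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def read_string(blob, off):
    """Read one RFC 4251 string (uint32 length, then bytes)."""
    n = int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or off + 4 + n > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[off + 4:off + 4 + n], off + 4 + n


def check_pub_line(line):
    """Return the problems found in one ecdsa-sha2-nistp256 .pub line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ecdsa-sha2-nistp256":
        return ["expected 'ecdsa-sha2-nistp256 <base64> [comment]'"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        ktype, off = read_string(blob, 0)
        curve, off = read_string(blob, off)
        point, off = read_string(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return ["cannot decode blob: %s" % exc]
    problems = []
    if ktype != b"ecdsa-sha2-nistp256" or curve != b"nistp256":
        problems.append("type or curve name inside blob is wrong")
    if off != len(blob):
        problems.append("trailing bytes after the public point")
    if len(point) != 65 or point[0] != 0x04:
        return problems + ["point is not a 65-byte uncompressed encoding"]
    x, y = (int.from_bytes(c, "big") for c in (point[1:33], point[33:]))
    if x >= P or y >= P or (y * y - x * x * x + 3 * x - B) % P:
        problems.append("point is not on the P-256 curve")
    return problems


def make_pub_line(x, y, comment="root@example"):
    """Build a constructed sample line from affine coordinates (not a real host key)."""
    def ssh_str(b):
        return len(b).to_bytes(4, "big") + b
    q = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    blob = ssh_str(b"ecdsa-sha2-nistp256") + ssh_str(b"nistp256") + ssh_str(q)
    return "ecdsa-sha2-nistp256 %s %s" % (base64.b64encode(blob).decode(), comment)
```

An empty list from check_pub_line() on the contents of the host key file means the file is structurally sound and the point is on the curve, so a "not a public key" error would then point at the reading side.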

