[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#845042: openssh-server: Generates invalid ecdsa host keys

On Sat, Nov 19, 2016 at 07:37:54PM +0100, Santiago Vila wrote:
> On some systems, openssh-server postinst fails to generate correct
> ECDSA host keys:
[...]
> ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKXa7AmJqSutzd/0xiKpHUb9Od0FZmGBOW7CowUItSeoa2Y7mz/K5V/PLUy6Xr/pxcMvIVMIwR4dt67ZPxSobHk= root@mymachine

It appears to be a problem with reading (and fingerprinting) the public
key rather than with generating it, perhaps?  At least, if I save that
public key to bad-ecdsa.pub and run "ssh-keygen -l -f ./bad-ecdsa.pub"
here, it seems quite happy with it.  That suggests that the output of
"ssh-keygen -vvv -l -f /etc/ssh/ssh_host_ecdsa_key.pub" on a system that
doesn't work would be of some use, perhaps under valgrind.

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: