Michael Felt
2015-Apr-01 21:45 UTC
What did I miss when building openssh? cannot generate ecdsa key
I am assuming this is a user error (and the bug, if any, is in configure not telling me how to activate it).

I regularly see a message:
Could not load host key: /etc/ssh/ssh_host_ecdsa_key

And, obviously, I have never made the key before.

I tried the following:
./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N ""
unknown key type ecdsa

However, the syntax says it is a known type

root@x064:[/data/prj/openbsd/openssh/openssh-6.8p1]./ssh-keygen -?
unknown option -- ?
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                  [-N new_passphrase] [-C comment] [-f output_keyfile]
       ...

What did I miss?

regards,
Michael Felt

p.s. make check|tests - they all passed.

p.p.s. - this is built against an ancient openssl, so maybe the problem is there.
OpenSSH_6.8p1, OpenSSL 0.9.8k 25 Mar 2009

And, yes - I know a newer openssl is much better, but this is taking a system where it is at - i.e., I assume openssl is not yet upgraded. Will be trying against openssl-1.something tomorrow.
Scott Neugroschl
2015-Apr-01 21:53 UTC
I think that you're right about the OpenSSL. ISTR that ECC didn't appear until the 1.0.0 series.
mancha
2015-Apr-01 22:22 UTC
On Wed, Apr 01, 2015 at 09:53:13PM +0000, Scott Neugroschl wrote:
> I think that you're right about the OpenSSL. ISTR that ECC didn't
> appear until the 1.0.0 series.

Actually, you should be OK with OpenSSL 0.9.8 (as long as it's post 0.9.8f, iirc).

Try compiling and running the attached.

--mancha

-------------- next part --------------
/* gcc -o ecc ecc.c -lcrypto -lssl */

#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/opensslv.h>

int main ()
{
  EC_KEY *ecdh = NULL;
  const EVP_MD *md;

  ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);

  md = EVP_sha256();
  md = EVP_sha384();
  md = EVP_sha512();

  return 0;
}
Damien Miller
2015-Apr-02 02:30 UTC
Yes, your OpenSSL probably lacks EC support. You shouldn't see the "Could not load host key" unless there is a Hostkey line in sshd_config referencing that key.
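The HostKey check described in the reply above, as an added example that is not part of the thread or of OpenSSH: a shell function that lists the HostKey entries in an sshd_config whose key file does not exist. The function name missing_hostkeys and the sample config and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report HostKey entries whose file is missing.
# Usage: missing_hostkeys /path/to/sshd_config   -> one missing path per line
missing_hostkeys() {
    cfg=$1
    # Keywords are matched case-insensitively and comment lines are skipped.
    # This parser also tolerates one '=' between keyword and value and
    # double quotes around the path.
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            kw = line
            sub(/[ \t=].*$/, "", kw)            # keyword = text before first blank or "="
            if (tolower(kw) != "hostkey") next  # skips HostKeyAlgorithms etc.
            val = substr(line, length(kw) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)
            if (val != "") print val
        }' "$cfg" |
    while IFS= read -r key; do
        [ -f "$key" ] || printf '%s\n' "$key"
    done
}

# Constructed sample: the RSA key exists, the ECDSA key was never generated.
demo_dir=$(mktemp -d)
: > "$demo_dir/ssh_host_rsa_key"
cat > "$demo_dir/sshd_config" <<EOF
# constructed sample config
HostKey $demo_dir/ssh_host_rsa_key
HostKey $demo_dir/ssh_host_ecdsa_key
HostKeyAlgorithms ssh-rsa
EOF
missing_hostkeys "$demo_dir/sshd_config"   # prints only the ECDSA key path
rm -rf "$demo_dir"
```

Each path it prints is a HostKey line to remove or comment out, or a key to generate once ssh-keygen supports that key type.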