In message <19991115105530.D12683 at alcove.wittsend.com>, "Michael H. Warfield" w rites:>Nov 15 10:45:38 alcove sshd[21731]: fatal: cipher_set_key: unknown cipher: 1We do not use IDEA in OpenSSH anymore, it is patented in most countries. Your private key is encrypted with it, change the passphrase with the old ssh to nothing, then change the passphrase with OpenSSH to someting new, that should get you going along. Niels.
Hello all, I've just tried my first attempt at migrating from ssh (1.2.27) to openssh. I got 1.2pre12 to compile and install from the source RPM's. Just ran into one royal pain of a problem. Sshd won't start! It doesn't seem to like my old host keys. I get the following error in syslog: Nov 15 10:45:38 alcove sshd[21731]: fatal: cipher_set_key: unknown cipher: 1 It does start up if I generate new keys for the host, but then all of the clients that connect are going to bitch to high heavens that the host key has changed and may not connecting to who they think they are. Now... What's wrong and how do I fix it? The logistics of blowing away everybodies ssh_known_hosts files for hosts and individuals makes regening keys impractical. Potentially, the number of hosts which would end up with new host keys are several dozen. The number of individuals who would have the subsequent "host keys has changed" error inflicted upon them could be several hundred. I couldn't find anything in any of the readme files regarding migration problems or solutions. Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
On Mon, Nov 15, 1999 at 10:11:49AM -0500, Niels Provos wrote:> In message <19991115105530.D12683 at alcove.wittsend.com>, "Michael H. Warfield" w > rites: > >Nov 15 10:45:38 alcove sshd[21731]: fatal: cipher_set_key: unknown cipher: 1 > We do not use IDEA in OpenSSH anymore, it is patented in most > countries. Your private key is encrypted with it, change the > passphrase with the old ssh to nothing, then change the passphrase with > OpenSSH to someting new, that should get you going along.Actually, it's not necessary to go to quite that much trouble. The key to the problem was in a remark I saw in Tatu's ChangeLog around 1.8 about the key format change. You merely have to run the 1.2.27 ssh-keygen program with the -u option to update the encryption from idea to 3des. Tatu recognized the problem a long time ago, changed the default encryption, and added the -u option. I've just got a lot of servers that do go back that far and have host keys (which don't have passwords anyways, BTW) which are still encrypted with idea. I've just got to march through the lot with a script to make sure they are all up to date before I update ssh. Some of them would result in a loss of ability to update them (gee, I updated ssh and can no longer access that server on that other country).> Niels.Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!