Phil Dibowitz
2003-Jun-07 04:37 UTC
openssh reading only SOME ssh1 hostkeys from ssh.com ssh
Hey folks,

I've asked this on the security focus mailing list, but no one seems to know...

I'm in the process of moving my company from old crufty ssh.com ssh1 to openssh. On most of our hosts, we've created rsa and dsa keys but managed to KEEP the old rsa1 key...

However, on a few hosts, openssh has been unable to read the old rsa1 key and has claimed:

    debug1: Unsupported cipher 1 used in key file /etc/ssh/ssh_host_key.
    Could not load host key: /etc/ssh/ssh_host_key

Does anyone know why it is that openssh has this problem only sometimes, and if there is a way to fix it?

Thanks,
--
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages: http://www.phildev.net/
Insanity Palace of Metallica: http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759

Darren Tucker
2003-Jun-07 06:04 UTC
openssh reading only SOME ssh1 hostkeys from ssh.com ssh
Phil Dibowitz wrote:
> However, on a few hosts, openssh has been unable to read the old rsa1
> key and has claimed:
>
> debug1: Unsupported cipher 1 used in key file /etc/ssh/ssh_host_key.
> Could not load host key: /etc/ssh/ssh_host_key
>
> Does anyone know why it is that openssh has this problem only sometimes,
> and if there is a way to fix it?

I think that's because those keys are encrypted with IDEA, which OpenSSH does not support for patent reasons.

You can use ssh-keygen *from commercial ssh* to convert the keys. See http://www.openssh.com/faq.html#2.5

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
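
An added example, not part of either post and not OpenSSH code: a pre-migration check that reads the cipher byte from an SSH1 private key file, so hosts whose key uses cipher 1 (IDEA) can be found before sshd refuses them. It assumes the SSH1 key file layout (magic string, a NUL, then one cipher-number byte) and the SSH1 cipher numbering; the function names and the sample data are made up for the illustration.

```python
import sys

# Assumed SSH1 private key file header: id string followed by a NUL byte.
MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"
# Assumed SSH1 cipher numbers (subset); 1 is the value in the quoted debug line.
CIPHERS = {0: "none", 1: "IDEA", 2: "DES", 3: "3DES", 6: "Blowfish"}
IDEA = 1


def ssh1_key_cipher(data: bytes):
    """Return the cipher number stored in an SSH1 key file, or None if the
    data does not start with the SSH1 private key header."""
    if not data.startswith(MAGIC) or len(data) <= len(MAGIC):
        return None
    return data[len(MAGIC)]  # single byte right after the header


def classify(data: bytes) -> str:
    """Describe the key's cipher and flag the IDEA case from the thread."""
    num = ssh1_key_cipher(data)
    if num is None:
        return "not an SSH1 private key file"
    name = CIPHERS.get(num, "unknown")
    if num == IDEA:
        return f"cipher {num} ({name}): convert with the commercial ssh-keygen first"
    return f"cipher {num} ({name})"


def constructed_key(cipher: int) -> bytes:
    """Constructed sample: real header, cipher byte, 4 reserved bytes, and a
    dummy body in place of key material."""
    return MAGIC + bytes([cipher]) + b"\x00\x00\x00\x00" + b"<dummy body>"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_ssh1_cipher.py /etc/ssh/ssh_host_key ...
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(f"{path}: {classify(fh.read(64))}")
    else:
        for c in (1, 3):
            print(f"constructed sample: {classify(constructed_key(c))}")
```

Only the first 64 bytes are read, so the check never touches the encrypted private part of the key.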