Hi, since openssh-6.8 it is possible to remove entire SSH1 support with -SSH1 USE flag. But booting a system without SSH1 will produce the following error on each boot ssh-keygen: generating new host keys: RSA1 Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type Reproducible: Always Steps to Reproduce: 0. USE="-ssh1" emerge net-misc/openssh 1. Clear your SSH host keys (or start with a fresh host) 2. Boot or run "ssh-keygen -A" Actual Results: ssh-keygen is complaining that it cannot create new RSA1 host key Expected Results: No errors, ssh-keygen should not try to create an RSA1 key. Looks like "ssh-keygen -A" doesn't know that we build without SSH1 support? # emerge --info Portage 2.2.18 (python 2.7.9-final-0, default/linux/amd64/13.0, gcc-4.9.2, glibc-2.20-r2, 3.19.2-gentoo x86_64) ================================================================= System uname: Linux-3.19.2-gentoo-x86_64-Intel-R-_Atom-TM-_CPU_C2758_@_2.40GHz-with-gentoo-2.2 KiB Mem: 16406780 total, 16175736 free KiB Swap: 16777212 total, 16777212 free Timestamp of repository gentoo: Fri, 20 Mar 2015 23:45:01 +0000 sh bash 4.3_p33-r2 ld GNU ld (Gentoo 2.25 p1.0) 2.25 app-shells/bash: 4.3_p33-r2::gentoo dev-lang/perl: 5.20.2::gentoo dev-lang/python: 2.7.9-r2::gentoo, 3.3.5-r1::gentoo, 3.4.3::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.13.11::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.69-r1::gentoo sys-devel/automake: 1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.25::gentoo sys-devel/gcc: 4.9.2::gentoo sys-devel/gcc-config: 1.8::gentoo sys-devel/libtool: 2.4.6-r1::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.20-r2::gentoo ABI="amd64" ABI_X86="64" ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" ACCEPT_PROPERTIES="*" ACCEPT_RESTRICT="*" ARCH="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=silvermont -mtune=silvermont -mprfchw -mrdrnd" CFLAGS_amd64="-m64" CFLAGS_x32="-mx32" CFLAGS_x86="-m32" CHOST="x86_64-pc-linux-gnu" CHOST_amd64="x86_64-pc-linux-gnu" CHOST_x32="x86_64-pc-linux-gnux32" CHOST_x86="i686-pc-linux-gnu" CPU_FLAGS_X86="aes mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CXXFLAGS="-O2 -pipe -march=silvermont -mtune=silvermont -mprfchw -mrdrnd" DEFAULT_ABI="amd64" EPREFIX="" EROOT="/" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs cgroup config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
did you build openssh with USE=-ssl too ? please post `emerge -pv openssh`.
No, *with* SSL: net-misc/openssh-6.8_p1-r1::gentoo was built with the following: USE="hpn pam pie ssl -X -X509 -bindist -kerberos -ldap -ldns -libedit -sctp (-selinux) -skey -ssh1 -static" ABI_X86="64"
FYI: Your patch works for me, thanks!
should be all set now in the tree; thanks for the report! Commit message: Fix ssh-keygen -A behavior when USE=-ssh1 http://sources.gentoo.org/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch?rev=1.1 http://sources.gentoo.org/net-misc/openssh/openssh-6.8_p1-r2.ebuild?rev=1.1
