Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 544078 - net-misc/openssh-6.8_p1[-ssh1]: `ssh-keygen -A` still tries to generate RSA1 keys
Summary: net-misc/openssh-6.8_p1[-ssh1]: `ssh-keygen -A` still tries to generate RSA1 ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: Normal minor
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-22 01:43 UTC by Thomas Deutschmann (RETIRED)
Modified: 2015-03-22 19:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2015-03-22 01:43:18 UTC
Hi,

since openssh-6.8 it is possible to remove entire SSH1 support with -SSH1 USE flag.

But booting a system without SSH1 will produce the following error on each boot

  ssh-keygen: generating new host keys: RSA1 Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type


Reproducible: Always

Steps to Reproduce:
0. USE="-ssh1" emerge net-misc/openssh
1. Clear your SSH host keys (or start with a fresh host)
2. Boot or run "ssh-keygen -A"
Actual Results:  
ssh-keygen is complaining that it cannot create new RSA1 host key

Expected Results:  
No errors, ssh-keygen should not try to create an RSA1 key.

Looks like "ssh-keygen -A" doesn't know that we build without SSH1 support?


# emerge --info
Portage 2.2.18 (python 2.7.9-final-0, default/linux/amd64/13.0, gcc-4.9.2, glibc-2.20-r2, 3.19.2-gentoo x86_64)
=================================================================
System uname: Linux-3.19.2-gentoo-x86_64-Intel-R-_Atom-TM-_CPU_C2758_@_2.40GHz-with-gentoo-2.2
KiB Mem:    16406780 total,  16175736 free
KiB Swap:   16777212 total,  16777212 free
Timestamp of repository gentoo: Fri, 20 Mar 2015 23:45:01 +0000
sh bash 4.3_p33-r2
ld GNU ld (Gentoo 2.25 p1.0) 2.25
app-shells/bash:          4.3_p33-r2::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.9-r2::gentoo, 3.3.5-r1::gentoo, 3.4.3::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.13.11::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.69-r1::gentoo
sys-devel/automake:       1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25::gentoo
sys-devel/gcc:            4.9.2::gentoo
sys-devel/gcc-config:     1.8::gentoo
sys-devel/libtool:        2.4.6-r1::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.19::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo

ABI="amd64"
ABI_X86="64"
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
ACCEPT_PROPERTIES="*"
ACCEPT_RESTRICT="*"
ARCH="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=silvermont -mtune=silvermont -mprfchw -mrdrnd"
CFLAGS_amd64="-m64"
CFLAGS_x32="-mx32"
CFLAGS_x86="-m32"
CHOST="x86_64-pc-linux-gnu"
CHOST_amd64="x86_64-pc-linux-gnu"
CHOST_x32="x86_64-pc-linux-gnux32"
CHOST_x86="i686-pc-linux-gnu"
CPU_FLAGS_X86="aes mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"
CXXFLAGS="-O2 -pipe -march=silvermont -mtune=silvermont -mprfchw -mrdrnd"
DEFAULT_ABI="amd64"
EPREFIX=""
EROOT="/"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs cgroup config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
Comment 1 SpanKY gentoo-dev 2015-03-22 05:41:29 UTC
did you build openssh with USE=-ssl too ?  please post `emerge -pv openssh`.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2015-03-22 12:49:50 UTC
No, *with* SSL:

net-misc/openssh-6.8_p1-r1::gentoo was built with the following:
USE="hpn pam pie ssl -X -X509 -bindist -kerberos -ldap -ldns -libedit -sctp (-selinux) -skey -ssh1 -static" ABI_X86="64"
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2015-03-22 19:13:10 UTC
FYI: Your patch works for me, thanks!
Comment 4 SpanKY gentoo-dev 2015-03-22 19:48:39 UTC
should be all set now in the tree; thanks for the report!

Commit message: Fix ssh-keygen -A behavior when USE=-ssh1
http://sources.gentoo.org/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch?rev=1.1
http://sources.gentoo.org/net-misc/openssh/openssh-6.8_p1-r2.ebuild?rev=1.1