Bug 202792 - security/openssh-portable tries to generate obselete key type at startup.
Summary: security/openssh-portable tries to generate obselete key type at startup.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-31 15:39 UTC by Chris Collins
Modified: 2015-09-24 22:06 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (bdrewery)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Collins 2015-08-31 15:39:44 UTC
ssh-keygen will now refuse to create one of the keys specified in the rc.d script showing this output at a restart.

Generating public/private rsa1 key pair.
Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key
Skipping protocol version 2 DSA Key Generation
You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key
Skipping protocol version 2 RSA Key Generation
You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
Skipping protocol version 2 Elliptic Curve DSA Key Generation
You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key
Skipping protocol version 2 Elliptic Curve ED25519 Key Generation
Performing sanity check on openssh configuration.
Stopping openssh.
Waiting for PIDS: 72833.
Generating public/private rsa1 key pair.
Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key
Skipping protocol version 2 DSA Key Generation
You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key
Skipping protocol version 2 RSA Key Generation
You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
Skipping protocol version 2 Elliptic Curve DSA Key Generation
You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key
Skipping protocol version 2 Elliptic Curve ED25519 Key Generation
Performing sanity check on openssh configuration.
Starting openssh.

If one key is missing it tries to regenerate "all" keys hence the mess.

The fix is to edit the rc.d script from

openssh_keygen()
{
       if [ -f /usr/local/etc/ssh/ssh_host_key -a \
            -f /usr/local/etc/ssh/ssh_host_dsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_rsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then
                return 0
        fi

to

openssh_keygen()
{
        if [ -f /usr/local/etc/ssh/ssh_host_dsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_rsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then
                return 0
        fi

not sure if this is related to bug 202169 so filed a new report.
Comment 1 Chad Jacob Milios 2015-08-31 19:50:49 UTC
i'll update the patches on my PR momentarily to reflect the fix offered in this one.
Comment 2 commit-hook freebsd_committer 2015-09-24 21:55:05 UTC
A commit references this bug:

Author: bdrewery
Date: Thu Sep 24 21:54:41 UTC 2015
New revision: 397771
URL: https://svnweb.freebsd.org/changeset/ports/397771

Log:
  Stop trying to create the RSA protocol 1 key from the rc.d file.  It is no
  longer supported by default since 7.0. [1]

  I do plan to make this configurable based on PR 202169 [2] soon.

  PR:		202792 [1]
  PR:		202169 [2]
  Submitted by:	chrysalis@chrysalisnet.org [1]

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/openssh.in
Comment 3 Bryan Drewery freebsd_committer 2015-09-24 21:55:59 UTC
Thanks!
Comment 4 commit-hook freebsd_committer 2015-09-24 22:06:09 UTC
A commit references this bug:

Author: bdrewery
Date: Thu Sep 24 22:05:25 UTC 2015
New revision: 397772
URL: https://svnweb.freebsd.org/changeset/ports/397772

Log:
  - Update to latest snapshot.
  - Remove obsoleted RSA Protocol 1 ssh_host_key support from the rc script [1]

  PR:		202792 [1]

Changes:
  head/security/openssh-portable-devel/Makefile
  head/security/openssh-portable-devel/distinfo
  head/security/openssh-portable-devel/files/extra-patch-hpn
  head/security/openssh-portable-devel/files/openssh.in