ssh-keygen will now refuse to create one of the keys specified in the rc.d script showing this output at a restart. Generating public/private rsa1 key pair. Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key Skipping protocol version 2 DSA Key Generation You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key Skipping protocol version 2 RSA Key Generation You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key Skipping protocol version 2 Elliptic Curve DSA Key Generation You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key Skipping protocol version 2 Elliptic Curve ED25519 Key Generation Performing sanity check on openssh configuration. Stopping openssh. Waiting for PIDS: 72833. Generating public/private rsa1 key pair. Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key Skipping protocol version 2 DSA Key Generation You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key Skipping protocol version 2 RSA Key Generation You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key Skipping protocol version 2 Elliptic Curve DSA Key Generation You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key Skipping protocol version 2 Elliptic Curve ED25519 Key Generation Performing sanity check on openssh configuration. Starting openssh. If one key is missing it tries to regenerate "all" keys hence the mess. The fix is to edit the rc.d script from openssh_keygen() { if [ -f /usr/local/etc/ssh/ssh_host_key -a \ -f /usr/local/etc/ssh/ssh_host_dsa_key -a \ -f /usr/local/etc/ssh/ssh_host_rsa_key -a \ -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \ -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then return 0 fi to openssh_keygen() { if [ -f /usr/local/etc/ssh/ssh_host_dsa_key -a \ -f /usr/local/etc/ssh/ssh_host_rsa_key -a \ -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \ -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then return 0 fi not sure if this is related to bug 202169 so filed a new report.
i'll update the patches on my PR momentarily to reflect the fix offered in this one.
A commit references this bug: Author: bdrewery Date: Thu Sep 24 21:54:41 UTC 2015 New revision: 397771 URL: https://svnweb.freebsd.org/changeset/ports/397771 Log: Stop trying to create the RSA protocol 1 key from the rc.d file. It is no longer supported by default since 7.0. [1] I do plan to make this configurable based on PR 202169 [2] soon. PR: 202792 [1] PR: 202169 [2] Submitted by: chrysalis@chrysalisnet.org [1] Changes: head/security/openssh-portable/Makefile head/security/openssh-portable/files/openssh.in
Thanks!
A commit references this bug: Author: bdrewery Date: Thu Sep 24 22:05:25 UTC 2015 New revision: 397772 URL: https://svnweb.freebsd.org/changeset/ports/397772 Log: - Update to latest snapshot. - Remove obsoleted RSA Protocol 1 ssh_host_key support from the rc script [1] PR: 202792 [1] Changes: head/security/openssh-portable-devel/Makefile head/security/openssh-portable-devel/distinfo head/security/openssh-portable-devel/files/extra-patch-hpn head/security/openssh-portable-devel/files/openssh.in