| Summary: | ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Aleksey Morarash <aleksey.morarash> |
| Component: | ssh-keygen | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED DUPLICATE | ||
| Severity: | normal | CC: | bugzilla-m67, daniel.black, djm |
| Priority: | P2 | Keywords: | openbsd, patch |
| Version: | 5.9p1 | ||
| Hardware: | All | ||
| OS: | All | ||
ecdsa fingerprints now standardised rfc6594 and registered http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xml Patch: https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/changes/ssh-sshfp-ecdsa.patch If that doesn't work your openssl doesn't have ecc support due to patent distribution restrictions. *** This bug has been marked as a duplicate of bug 1978 *** Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 |
Compiled from sources openssh-5.9p1. Steps to reproduce: > $ ssh-keygen -t ecdsa -N "" -f test -q > $ echo $? > 0 > $ ls test* > test test.pub > $ ssh-keygen -r hostname -f test.pub > ssh-keygen: export_dns_rr: unsupported algorithm > $ echo $? > 0 I understand that there is no RFC for ECDSA SSHFP records yet and ECDSA support in openssh is not full, but I expected non-zero exit code in such case.