Bug 2369

Summary: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled
Product: Portable OpenSSH
Reporter: Mike Frysinger <vapier>
Component: ssh-keygen
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal
CC: djm, dtucker
Priority: P5    
Version: 6.8p1   
Hardware: All   
OS: All   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=544078
Bug Depends on:    
Bug Blocks: 2360    
Attachments:
Description Flags
openssh-6.8_p1-ssh-keygen-no-ssh1.patch none

Description Mike Frysinger 2015-03-23 05:55:42 AEDT
sshkey.c:sshkey_private_to_fileblob disables support for RSA1 when SSH1 support has been disabled:
    switch (key->type) {
#ifdef WITH_SSH1
    case KEY_RSA1:
        return sshkey_private_rsa1_to_blob(key, blob,
            passphrase, comment);
#endif /* WITH_SSH1 */

but ssh-keygen.c will still include RSA1:
static void
do_gen_all_hostkeys(struct passwd *pw)
{
    struct {
        char *key_type;
        char *key_type_display;
        char *path;
    } key_types[] = {
        { "rsa1", "RSA1", _PATH_HOST_KEY_FILE },

which leads to runtime errors like:
  ssh-keygen: generating new host keys: RSA1 Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
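
The mismatch described above, as a simplified stand-alone model (an added example, not OpenSSH source and not part of the original report): the key table and the serializer have to sit under the same compile-time guard. The rsa and ed25519 entries, the function names, and the forced `#undef WITH_SSH1` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#undef WITH_SSH1   /* assumption: model a build with SSH1 disabled */
/* Simplified model, not OpenSSH source; only rsa1/RSA1 come from the report. */
enum key_type { KEY_RSA1, KEY_RSA, KEY_ED25519 };
struct host_key { const char *name; enum key_type type; };
/* Serializer: the RSA1 case exists only when WITH_SSH1 is defined. */
static int private_to_blob(enum key_type t)
{
    switch (t) {
#ifdef WITH_SSH1
    case KEY_RSA1: return 0;
#endif /* WITH_SSH1 */
    case KEY_RSA: case KEY_ED25519:
        return 0;
    default:
        return -1;   /* "unknown or unsupported key type" */
    }
}

/* Generator table as reported: rsa1 is listed unconditionally. */
static const struct host_key unguarded[] = {
    { "rsa1", KEY_RSA1 }, { "rsa", KEY_RSA }, { "ed25519", KEY_ED25519 },
};

/* Same table with the rsa1 entry under the serializer's guard. */
static const struct host_key guarded[] = {
#ifdef WITH_SSH1
    { "rsa1", KEY_RSA1 },
#endif /* WITH_SSH1 */
    { "rsa", KEY_RSA }, { "ed25519", KEY_ED25519 },
};

/* Count entries that would be generated but then fail to save. */
static size_t unsaveable(const struct host_key *tab, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (private_to_blob(tab[i].type) != 0);
    return bad;
}
size_t unguarded_failures(void) { return unsaveable(unguarded, sizeof unguarded / sizeof unguarded[0]); }
size_t guarded_failures(void) { return unsaveable(guarded, sizeof guarded / sizeof guarded[0]); }

int main(void)
{
    printf("unguarded: %zu, guarded: %zu\n", unguarded_failures(), guarded_failures());
    return 0;
}
```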
Comment 1 Mike Frysinger 2015-03-23 05:56:41 AEDT
Created attachment 2574
openssh-6.8_p1-ssh-keygen-no-ssh1.patch
Comment 2 Damien Miller 2015-03-23 17:11:27 AEDT
Similar patch applied (on master and V_6_8 branches) - it was also wrong for the !OpenSSL case.

Thanks
Comment 3 Damien Miller 2015-08-11 23:03:06 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1