Bug 3011

Summary: OPEN-SSH-8.0p1-KeyCompatibility Problem
Product: Portable OpenSSH
Reporter: Karthik Adiga <karthikadiga123>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: enhancement
CC: djm, jjelen
Priority: P5
Version: 8.0p1
Hardware: Other
OS: Windows 10

Description Karthik Adiga 2019-05-16 20:38:51 AEST
Keys generated with 8.0p1 server is rebooted and made up with 5.3p1 server. But sshd is not able to read the keys generated with new version 8.0p1. How to fix this problem?

LOGS:
=====
========================
debug3: checking syntax for 'Match (null)'
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Comment 1 Jakub Jelen 2019-05-16 21:48:12 AEST
Since 7.8, OpenSSH generates new keys in the new format, which is not understood by OpenSSH 5.3. The release notes [1] explain it in full:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

[1] http://www.openssh.com/txt/release-7.8
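
Added example (not part of the bug thread and not OpenSSH code): a Python check that tells the two private-key containers from the release note apart by reading only the unencrypted header, which is what decides whether a PEM-only sshd such as the 5.3p1 in the log can load the file. The function names are hypothetical, the field order follows the openssh-key-v1 layout in PROTOCOL.key, and the sample keys are constructed and hold no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # AUTH_MAGIC defined in PROTOCOL.key

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + n], off + n

def classify_private_key(text):
    """Identify the container format from the unencrypted header only."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if len(lines) < 3 or not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        return {"format": "unknown"}
    label = first[len("-----BEGIN "):-len("-----")]
    if label != "OPENSSH PRIVATE KEY":
        # e.g. "RSA PRIVATE KEY": OpenSSL PEM, the format "-m PEM" asks for
        return {"format": "pem", "label": label}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    _kdfopts, off = _string(blob, off)   # salt and rounds when kdf is bcrypt
    nkeys, off = _u32(blob, off)
    pub, off = _string(blob, off)        # first public key blob
    keytype, _ = _string(pub, 0)
    return {"format": "openssh-v1", "cipher": cipher.decode(), "kdf": kdf.decode(),
            "nkeys": nkeys, "keytype": keytype.decode(), "encrypted": cipher != b"none"}

def _s(b):
    return struct.pack(">I", len(b)) + b

def sample_openssh_key(cipher=b"none", kdf=b"none"):
    """Constructed header-only sample; it contains no real key material."""
    pub = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" * 8)
    body = MAGIC + _s(cipher) + _s(kdf) + _s(b"") + struct.pack(">I", 1) + _s(pub) + _s(b"")
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"  # constructed
```

A host key that classifies as "openssh-v1" is the case that produces the "PEM_read_PrivateKey failed" lines in the log above; one that classifies as "pem" is what "-m PEM" writes.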

Comment 2 Karthik Adiga 2019-05-21 14:43:20 AEST
Thanks Jakub.

Comment 3 Damien Miller 2021-04-23 15:03:31 AEST
closing resolved bugs as of 8.6p1 release