Bug 1972 - ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code
Summary: ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code
Status: CLOSED DUPLICATE of bug 1978
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen (show other bugs)
Version: 5.9p1
Hardware: All All
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords: openbsd, patch
Depends on:
Blocks:
 
Reported: 2012-01-20 01:45 AEDT by Aleksey Morarash
Modified: 2015-08-11 23:05 AEST (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksey Morarash 2012-01-20 01:45:04 AEDT
Compiled from sources openssh-5.9p1.

Steps to reproduce:

> $ ssh-keygen -t ecdsa -N "" -f test -q
> $ echo $?
> 0
> $ ls test*
> test test.pub
> $ ssh-keygen -r hostname -f test.pub
> ssh-keygen: export_dns_rr: unsupported algorithm
> $ echo $?
> 0

I understand that there is no RFC for ECDSA SSHFP records yet and ECDSA support in openssh is not full, but I expected non-zero exit code in such case.
Comment 2 Daniel Black 2012-07-17 16:47:00 AEST
ecdsa fingerprints now standardised rfc6594 and registered http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xml

Patch:

https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/changes/ssh-sshfp-ecdsa.patch

If that doesn't work your openssl doesn't have ecc support due to patent distribution restrictions.
Comment 3 Damien Miller 2012-07-17 16:54:36 AEST

*** This bug has been marked as a duplicate of bug 1978 ***
Comment 4 Damien Miller 2015-08-11 23:05:02 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1