On Sun, Jan 19, 2014 at 9:50 PM, Damien Miller <djm at mindrot.org> wrote: [...] > Those lines don't contain the actual error message. There should be a > failed-regress.log in the regress/ directory that shows the full test > log and failure. The one of failed-ssh.log and failed-sshd.log files > might also contain some clues. run test cert-hostkey.sh ... certified host keys: sign host rsa cert certified host keys: sign host rsa_v00 cert certified host keys: sign host dsa cert certified host keys: sign host dsa_v00 cert certified host keys: sign host ed25519 cert certified host keys: sign host ecdsa-sha2-nistp256 cert certified host keys: sign host ecdsa-sha2-nistp384 cert certified host keys: host rsa cert connect privsep yes certified host keys: host dsa cert connect privsep yes certified host keys: host ed25519 cert connect privsep yes certified host keys: host ecdsa-sha2-nistp256 cert connect privsep yes certified host keys: host ecdsa-sha2-nistp384 cert connect privsep yes certified host keys: host rsa_v00 cert connect privsep yes certified host keys: host dsa_v00 cert connect privsep yes certified host keys: host rsa cert connect privsep no certified host keys: host dsa cert connect privsep no certified host keys: host ed25519 cert connect privsep no certified host keys: host ecdsa-sha2-nistp256 cert connect privsep no certified host keys: host ecdsa-sha2-nistp384 cert connect privsep no certified host keys: host rsa_v00 cert connect privsep no certified host keys: host dsa_v00 cert connect privsep no cat: /root/openssh/regress/cert_host_key_ecdsa-sha2-nistp521.pub: No such file or directory certified host keys: host rsa revoked cert privsep yes certified host keys: host dsa revoked cert privsep yes certified host keys: host ed25519 revoked cert privsep yes ssh cert connect succeeded unexpectedly certified host keys: host ecdsa-sha2-nistp256 revoked cert privsep yes certified host keys: host ecdsa-sha2-nistp384 revoked cert privsep yes certified host keys: host rsa_v00 revoked cert privsep yes certified host keys: host dsa_v00 revoked cert privsep yes certified host keys: host rsa revoked cert privsep no certified host keys: host dsa revoked cert privsep no certified host keys: host ed25519 revoked cert privsep no ssh cert connect succeeded unexpectedly certified host keys: host ecdsa-sha2-nistp256 revoked cert privsep no certified host keys: host ecdsa-sha2-nistp384 revoked cert privsep no certified host keys: host rsa_v00 revoked cert privsep no certified host keys: host dsa_v00 revoked cert privsep no certified host keys: host rsa revoked cert certified host keys: host dsa revoked cert certified host keys: host ed25519 revoked cert certified host keys: host ecdsa-sha2-nistp256 revoked cert certified host keys: host ecdsa-sha2-nistp384 revoked cert certified host keys: host rsa_v00 revoked cert certified host keys: host dsa_v00 revoked cert certified host keys: host cert connect user-certificate rsa expect failure certified host keys: host cert connect user-certificate rsa_v00 expect failure certified host keys: host cert connect empty principals rsa expect success certified host keys: host cert connect empty principals rsa_v00 expect success certified host keys: host cert connect wrong principals rsa expect failure certified host keys: host cert connect wrong principals rsa_v00 expect failure certified host keys: host cert connect cert not yet valid rsa expect failure certified host keys: host cert connect cert not yet valid rsa_v00 expect failure certified host keys: host cert connect cert expired rsa expect failure certified host keys: host cert connect cert expired rsa_v00 expect failure certified host keys: host cert connect cert valid interval rsa expect success certified host keys: host cert connect cert valid interval rsa_v00 expect success certified host keys: host cert connect cert has constraints rsa expect failure certified host keys: host cert connect cert has constraints rsa_v00 expect failure certified host keys: host rsa v01 cert downgrade to raw key certified host keys: host dsa v01 cert downgrade to raw key certified host keys: host rsa v00 cert downgrade to raw key certified host keys: host dsa v00 cert downgrade to raw key certified host keys: host rsa connect wrong cert certified host keys: host dsa connect wrong cert certified host keys: host rsa connect wrong cert certified host keys: host dsa connect wrong cert failed certified host keys make[1]: *** [t-exec] Error 1 make[1]: Leaving directory `/root/openssh/regress' make: *** [tests] Error 2 I suspect that is is at least partly related to the fact that redhat don't implement NID_secp521r1 (https://bugzilla.redhat.com/show_bug.cgi?id=1019256) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
