On Wed, Apr 01, 2015 at 09:53:13PM +0000, Scott Neugroschl wrote: > I think that you're right about the OpenSSL. ISTR that ECC didn't > appear until the 1.0.0 series. > > -----Original Message----- From: openssh-unix-dev > [mailto:openssh-unix-dev-bounces+scott_n=xypro.com@xxxxxxxxxxx] On > Behalf Of Michael Felt Sent: Wednesday, April 01, 2015 2:45 PM To: > OpenSSH Devel List Subject: What did I miss when building openssh? > cannot generate ecdsa key > > I am assuming this is a user error (and the bug, if any is in > configure not telling me how to activate it). > > I regularly see a message: Could not load host key: > /etc/ssh/ssh_host_ecdsa_key > > And, obviously, I have never made the key before. > > I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N > "" unknown key type ecdsa > > However, the syntax says it is a known type > > root@x064:[/data/prj/openbsd/openssh/openssh-6.8p1]./ssh-keygen -? > unknown option -- ? usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa > | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f > output_keyfile] ... > > What did I miss? > > regards, Michael Felt > > p.s. make check|tests - they all passed. > > p.p.s. - this is built against an ancient openssl, so maybe the > problem is there. OpenSSH_6.8p1, OpenSSL 0.9.8k 25 Mar 2009 > > And, yes - I know I newer openssl is much better, but this is taking a > system where it is at - i.e., I assume openssl is not yet upgraded. > will be trying against openssl-1.something tomorrow. Actually, you should be OK with OpenSSL 0.9.8 (as long as it's post 0.9.8f, iirc). Try compiling and running the attached. --mancha
/* gcc -o ecc ecc.c -lcrypto -lssl */ #include <openssl/ec.h> #include <openssl/ecdh.h> #include <openssl/ecdsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/opensslv.h> int main () { EC_KEY *ecdh = NULL; const EVP_MD *md; ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ecdh = EC_KEY_new_by_curve_name(NID_secp384r1); ecdh = EC_KEY_new_by_curve_name(NID_secp521r1); md = EVP_sha256(); md = EVP_sha384(); md = EVP_sha512(); return 0; }
Attachment:
pgpVU8Ng7UBRr.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev