Re: What did I miss when building openssh? cannot generate ecdsa key

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, Apr 01, 2015 at 09:53:13PM +0000, Scott Neugroschl wrote:
> I think that you're right about the OpenSSL.  ISTR that ECC didn't
> appear until the 1.0.0 series.
> 
> -----Original Message----- From: openssh-unix-dev
> [mailto:openssh-unix-dev-bounces+scott_n=xypro.com@xxxxxxxxxxx] On
> Behalf Of Michael Felt Sent: Wednesday, April 01, 2015 2:45 PM To:
> OpenSSH Devel List Subject: What did I miss when building openssh?
> cannot generate ecdsa key
> 
> I am assuming this is a user error (and the bug, if any is in
> configure not telling me how to activate it).
> 
> I regularly see a message: Could not load host key:
> /etc/ssh/ssh_host_ecdsa_key
> 
> And, obviously, I have never made the key before.
> 
> I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N
> "" unknown key type ecdsa
> 
> However, the syntax says it is a known type
> 
> root@x064:[/data/prj/openbsd/openssh/openssh-6.8p1]./ssh-keygen -?
> unknown option -- ?  usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa
> | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f
> output_keyfile] ...
> 
> What did I miss?
> 
> regards, Michael Felt
> 
> p.s. make check|tests - they all passed.
> 
> p.p.s. - this is built against an ancient openssl, so maybe the
> problem is there.  OpenSSH_6.8p1, OpenSSL 0.9.8k 25 Mar 2009
> 
> And, yes - I know I newer openssl is much better, but this is taking a
> system where it is at - i.e., I assume openssl is not yet upgraded.
> will be trying against openssl-1.something tomorrow.

Actually, you should be OK with OpenSSL 0.9.8 (as long as it's post
0.9.8f, iirc).

Try compiling and running the attached.

--mancha
/* gcc -o ecc ecc.c -lcrypto -lssl */

#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/opensslv.h>

int main ()
{
  EC_KEY *ecdh = NULL;
  const EVP_MD *md;

  ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);

  md = EVP_sha256();
  md = EVP_sha384();
  md = EVP_sha512();

  return 0;
}

Attachment: pgpVU8Ng7UBRr.pgp
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux