Issue with ssh-keygen


Kelly Dunlop

Feb 15, 2017, 6:10:50 AM
to openssh-...@mindrot.org


Hi,

I am running openssh7.3p1 on an embedded Linux system and discovered this problem.

If I run:

ssh-keygen -t rsa1 -f testfile

it appears to generate the key and I get the output:

Generating public/private rsa1 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "testfile" failed: unknown or unsupported key type

Should this option be returning with a deprecated key type message ?

I can't find a bug already reported about this and I have downloaded openssh 7.4p1
and the problem exists on that too. I have checked the archives at http://marc.info/
and there didn't appear to be anything there.

Apologies if this has already been discussed as I am not on the mailing list.
Thanks in advance for any pointers
Kelly
--
Kelly Dunlop
kdu...@guralp.com
Guralp Systems Limited
http://www.guralp.com
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Darren Tucker

Feb 16, 2017, 5:30:05 PM
to Kelly Dunlop, OpenSSH Devel List
On Fri, Feb 17, 2017 at 9:25 AM, Darren Tucker <dtu...@zip.com.au> wrote:
> git bisect points at
>
> 2aa9da1a3b360cf7b13e96fe1521534b91501fb5 is the first bad commit

... and if I'd actually looked at the change itself:

- [ --without-ssh1 Disable support for SSH protocol 1],
+ [ --with-ssh1 Enable support for SSH protocol 1],

so yeah, ssh-keygen should have probably errored out "unsupported key type".

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Darren Tucker

Feb 16, 2017, 5:31:42 PM
to Kelly Dunlop, OpenSSH Devel List
On Wed, Feb 15, 2017 at 9:50 PM, Kelly Dunlop <kdu...@guralp.com> wrote:
>
>
> Hi,
>
> I am running openssh7.3p1 on an embedded Linux system and discovered this problem.
>
> If I run:
>
> ssh-keygen -t rsa1 -f testfile
>
> it appears to generate the key and I get the output:
>
> Generating public/private rsa1 key pair.
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Saving key "testfile" failed: unknown or unsupported key type
>
> Should this option be returning with a deprecated key type message ?

It looks like a bug. git bisect points at

2aa9da1a3b360cf7b13e96fe1521534b91501fb5 is the first bad commit
commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5
Author: d...@openbsd.org <d...@openbsd.org>
Date: Tue Mar 24 01:29:19 2015 +0000

upstream commit

Compile-time disable SSH protocol 1. You can turn it
back on using the Makefile.inc knob if you need it to talk to ancient
devices.

That said, we're about to remove SSH1 support in the client (it's
already gone from the server) so I'm not sure this is ever going to
be fixed...

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Darren Tucker

Feb 16, 2017, 5:35:25 PM
to Kelly Dunlop, OpenSSH Devel List
On Fri, Feb 17, 2017 at 09:28:52AM +1100, Darren Tucker wrote:
[...]
> so yeah, ssh-keygen should have probably errored out "unsupported key type".

diff --git a/sshkey.c b/sshkey.c
index 4768790..f45e239 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = {
{ "ssh-ed2551...@openssh.com", "ED25519-CERT",
KEY_ED25519_CERT, 0, 1 },
#ifdef WITH_OPENSSL
+# ifdef WITH_SSH1
{ NULL, "RSA1", KEY_RSA1, 0, 0 },
+# endif
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
# ifdef OPENSSL_HAS_ECC
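
Review bot: the `# endif` added after the `KEY_RSA1` row does not name the condition it closes, and it sits inside `#ifdef WITH_OPENSSL` two lines above another nested `# ifdef OPENSSL_HAS_ECC`; writing it as `# endif /* WITH_SSH1 */` would keep the nesting readable. The hunk changes only the `keytypes[]` table, so a regression check that `ssh-keygen -t rsa1` is refused before any passphrase prompt in a build without `WITH_SSH1` would be worth adding alongside it.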

Darren Tucker

Feb 16, 2017, 9:40:24 PM
to Kelly Dunlop, OpenSSH Devel List
On Fri, Feb 17, 2017 at 9:34 AM, Darren Tucker <dtu...@zip.com.au> wrote:
> On Fri, Feb 17, 2017 at 09:28:52AM +1100, Darren Tucker wrote:
> [...]
>> so yeah, ssh-keygen should have probably errored out "unsupported key type".

I've just committed this patch and a similar one to fix the usage text
in this case. It'll be in the next release (which according to the
current plan will likely be the last one to have SSH1 client support).

Thanks for the report.

$ ssh-keygen -t rsa1
unknown key type rsa1

$ ssh-keygen -?
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
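
A simplified model of the behaviour discussed in this thread, added here as an example (it is not OpenSSH source and not part of any message above). All identifiers are hypothetical; the two tables stand for the same non-SSH1 build before and after the `keytypes[]` patch, and show why the error moves from the save step to the `-t` argument check.

```c
#include <stdio.h>
#include <strings.h>

/* Hypothetical names; a toy model, not OpenSSH's definitions. */
enum ktype { KT_RSA1, KT_RSA, KT_DSA, KT_UNSPEC };
enum outcome { SAVED, REJECTED_AT_PARSE, FAILED_AT_SAVE };

struct keytype { const char *shortname; enum ktype type; };

/* Build without SSH1, before the patch: the RSA1 row is still listed. */
static const struct keytype table_before[] = {
    { "RSA1", KT_RSA1 }, { "RSA", KT_RSA }, { "DSA", KT_DSA },
    { NULL, KT_UNSPEC }
};
/* Same build after the patch: the RSA1 row is compiled out. */
static const struct keytype table_after[] = {
    { "RSA", KT_RSA }, { "DSA", KT_DSA },
    { NULL, KT_UNSPEC }
};

/* Map a -t argument to a key type (case-insensitive in this model). */
static enum ktype type_from_name(const struct keytype *t, const char *name)
{
    for (; t->shortname != NULL; t++)
        if (strcasecmp(t->shortname, name) == 0)
            return t->type;
    return KT_UNSPEC;
}

/* The writer in a build without SSH1 has no RSA1 serializer. */
static int save_key(enum ktype type)
{
    return (type == KT_RSA || type == KT_DSA) ? 0 : -1;
}

/* Report the stage at which a request for `name` stops. */
static enum outcome keygen(const struct keytype *t, const char *name)
{
    enum ktype type = type_from_name(t, name);
    if (type == KT_UNSPEC)
        return REJECTED_AT_PARSE; /* before any prompt or key generation */
    /* key generation and passphrase prompts would happen here */
    return save_key(type) == 0 ? SAVED : FAILED_AT_SAVE;
}

int main(void)
{
    printf("before patch, rsa1: %d\n", keygen(table_before, "rsa1"));
    printf("after patch,  rsa1: %d\n", keygen(table_after, "rsa1"));
    printf("after patch,  rsa:  %d\n", keygen(table_after, "rsa"));
    return 0;
}
```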

Kelly Dunlop

Feb 17, 2017, 7:13:46 AM
to Darren Tucker, OpenSSH Devel List
On Fri, Feb 17, 2017 at 01:39:06PM +1100, Darren Tucker wrote:
> On Fri, Feb 17, 2017 at 9:34 AM, Darren Tucker <dtu...@zip.com.au> wrote:
> > On Fri, Feb 17, 2017 at 09:28:52AM +1100, Darren Tucker wrote:
> > [...]
> >> so yeah, ssh-keygen should have probably errored out "unsupported key type".
>
> I've just committed this patch and a similar one to fix the usage text
> in this case. It'll be in the next release (which according to the
> current plan will likely be the last one to have SSH1 client support).
>
> Thanks for the report.

Thanks for confirming that I hadn't misinterpreted something.

Thanks for the fix too although as you say time is short for SSH1 support.

Kelly
>
> $ ssh-keygen -t rsa1
> unknown key type rsa1
>
> $ ssh-keygen -?
> usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
--
Kelly Dunlop
kdu...@guralp.com
Guralp Systems Limited
http://www.guralp.com