From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 202792] security/openssh-portable tries to generate obsolete key type at startup.
Date: Mon, 31 Aug 2015 15:39:44 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202792

    Bug ID:    202792
    Summary:   security/openssh-portable tries to generate obsolete key type at startup.
    Product:   Ports & Packages
    Version:   Latest
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Many People
    Priority:  ---
    Component: Individual Port(s)
    Assignee:  bdrewery@FreeBSD.org
    Reporter:  chrysalis@chrysalisnet.org
    Flags:     maintainer-feedback?(bdrewery@FreeBSD.org)

ssh-keygen will now refuse to create one of the keys specified in the rc.d script, showing this output at a restart:

    Generating public/private rsa1 key pair.
    Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
    You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key
    Skipping protocol version 2 DSA Key Generation
    You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key
    Skipping protocol version 2 RSA Key Generation
    You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
    Skipping protocol version 2 Elliptic Curve DSA Key Generation
    You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key
    Skipping protocol version 2 Elliptic Curve ED25519 Key Generation
    Performing sanity check on openssh configuration.
    Stopping openssh.
    Waiting for PIDS: 72833.
    Generating public/private rsa1 key pair.
    Saving key "/usr/local/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
    You already have a DSA host key in /usr/local/etc/ssh/ssh_host_dsa_key
    Skipping protocol version 2 DSA Key Generation
    You already have a RSA host key in /usr/local/etc/ssh/ssh_host_rsa_key
    Skipping protocol version 2 RSA Key Generation
    You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
    Skipping protocol version 2 Elliptic Curve DSA Key Generation
    You already have a Elliptic Curve ED25519 host key in /usr/local/etc/ssh/ssh_host_ed25519_key
    Skipping protocol version 2 Elliptic Curve ED25519 Key Generation
    Performing sanity check on openssh configuration.
    Starting openssh.

If one key is missing, it tries to regenerate "all" keys, hence the mess.

The fix is to edit the rc.d script from

    openssh_keygen() {
        if [ -f /usr/local/etc/ssh/ssh_host_key -a \
            -f /usr/local/etc/ssh/ssh_host_dsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_rsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then
            return 0
        fi

to

    openssh_keygen() {
        if [ -f /usr/local/etc/ssh/ssh_host_dsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_rsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ecdsa_key -a \
            -f /usr/local/etc/ssh/ssh_host_ed25519_key ]; then
            return 0
        fi

Not sure if this is related to bug 202169, so filed a new report.

-- 
You are receiving this mail because:
You are the assignee for the bug.
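
The guard behaviour described in the report, as an added example that is not part of the original message or the port's rc.d script: it compares the key list before and after the proposed change against a directory holding only the four protocol-2 key files. The helper names and the scratch directory are assumptions; the key file names are the ones from the report.

```shell
#!/bin/sh
# Added example, not the port's rc.d script. Helper names and the scratch
# directory are hypothetical; key file names are the ones in the report.

# Guard list before the fix (includes the protocol-1 rsa1 key file).
OLD_KEYS="ssh_host_key ssh_host_dsa_key ssh_host_rsa_key ssh_host_ecdsa_key ssh_host_ed25519_key"
# Guard list after the fix (rsa1 entry dropped).
NEW_KEYS="ssh_host_dsa_key ssh_host_rsa_key ssh_host_ecdsa_key ssh_host_ed25519_key"

# missing_keys DIR NAME...: print each NAME that is not a regular file in DIR.
missing_keys() {
    dir=$1
    shift
    for name in "$@"; do
        [ -f "$dir/$name" ] || printf '%s\n' "$name"
    done
}

# guard_passes DIR NAME...: succeed only when no listed key file is missing,
# i.e. the case where the rc.d guard would "return 0" and skip generation.
guard_passes() {
    [ -z "$(missing_keys "$@")" ]
}

# Constructed sample: scratch directory with empty placeholder files for the
# four protocol-2 host keys (not real key material).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for name in $NEW_KEYS; do
        : > "$d/$name"
    done
    printf '%s\n' "$d"
}

# report LABEL DIR NAME...: say what a guard built from the list would do.
report() {
    label=$1
    shift
    if guard_passes "$@"; then
        echo "$label: all keys present, generation skipped"
    else
        echo "$label: generation runs, missing:" $(missing_keys "$@")
    fi
}

demo_dir=$(make_sample_dir) || exit 1
report "guard with ssh_host_key" "$demo_dir" $OLD_KEYS
report "guard without ssh_host_key" "$demo_dir" $NEW_KEYS
rm -rf "$demo_dir"
```

Because ssh-keygen cannot write the rsa1 file, the first guard never finds ssh_host_key and generation is attempted on every start; listing the missing names per key also shows which single file is actually absent.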