Date: Fri, 5 Jul 2002 13:26:40 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: Michael Sharp <freebsd@ec.rr.com> Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: ssk-keygen Message-ID: <20020705132640.B17982@blossom.cjclark.org> In-Reply-To: <20020704013131.1f7a014f.freebsd@ec.rr.com>; from freebsd@ec.rr.com on Thu, Jul 04, 2002 at 01:31:31AM -0400 References: <20020704013131.1f7a014f.freebsd@ec.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 04, 2002 at 01:31:31AM -0400, Michael Sharp wrote:
> I did a cvsup of RELENG_4 about 2 hours ago ( July 4th @ 12:05 am )and noticed the new openssh3.4p1 and pam.conf source so I decided to make world. On reboot, ssh-keygen fails to make RSA keys because in rc.network there is no -t rsa option when running ssh-keygen. ***I changed it*** and all is well. This is likely to come up on the questions and security list for those that did a cvsup at about the same time I did. I'm sure its been discovered and fixed by now.
>
> ***
> if [ ! -f /etc/ssh/ssh_host_key ]; then
> echo ' creating ssh RSA host key';
> /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_key
> ***
You told it to generate the wrong key. ssh_host_key should hold a
protocol 1 key,
/usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key
^
And yes, this has been fixed in RELENG_4.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020705132640.B17982>