Your message dated Sun, 17 Jan 2016 15:59:57 +0000
with message-id <e1akpkd-0001c8...@franck.debian.org>
and subject line Bug#811265: fixed in openssh 1:7.1p2-2
has caused the Debian Bug report #811265,
regarding openssh-server fails to install with 'Saving key
"/etc/ssh/ssh_host_key" failed: unknown or unsupported key type' because
rsa1/SSH1 have been disabled
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
811265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7.1p2-1
Severity: serious
Justification: Package fails to install
Hi!
In contrast to the default version shipped in the package, my
/etc/ssh/sshd_config doesn't contain a "Protocol" line since I'm happy
with the default (which is '2' according to the man page).
However, openssh-server's postinst contains these linese:
76 host_keys_required() {
77 hostkeys="$(get_config_option HostKey)"
78 if [ "$hostkeys" ]; then
79 echo "$hostkeys"
80 else
81 # No HostKey directives at all, so the server picks some
82 # defaults depending on the setting of Protocol.
83 protocol="$(get_config_option Protocol)"
84 [ "$protocol" ] || protocol=1,2
85 if echo "$protocol" | grep 1 >/dev/null; then
86 echo /etc/ssh/ssh_host_key
87 fi
[...]
95 }
96
97
98 create_key() {
[...]
105
106 if echo "$hostkeys" | grep -x "$file" >/dev/null && \
107 [ ! -f "$file" ] ; then
108 echo -n $msg
109 ssh-keygen -q -f "$file" -N '' "$@"
[...]
115 fi
116 }
This results in this:
root@shepard:~# apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up openssh-server (1:7.1p2-1) ...
Creating SSH1 key; this may take some time ...Saving key
"/etc/ssh/ssh_host_key" failed: unknown or unsupported key type
dpkg: error processing package openssh-server (--configure):
subprocess installed post-installation script returned error exit
status 1
Errors were encountered while processing:
openssh-server
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@shepard:~#
The reason is that this command fails:
root@shepard:~# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key
type
root@shepard:~#
A quick search leads to this upstream bug report:
https://bugzilla.mindrot.org/show_bug.cgi?id=2369
To sum things up: It seems that the logic in the postinst script which
is emulating the "-A" option of ssh-keygen is buggy and therefore ran
into the exact same problem as described in the bug report above.
Please consider either defaulting to protocol 2 only in the postinst
(line 84) or (IMHO better) switch to the "-A" option of ssh-keygen.
Best regards
Alexander Kurtz
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.1p2-2
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Jan 2016 14:10:19 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote
machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access
from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for
ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 811265
Changes:
openssh (1:7.1p2-2) unstable; urgency=medium
.
* Remove protocol 1 host key generation from openssh-server.postinst
(closes: #811265).
Checksums-Sha1:
f12a29aaf62d01668734fdff4656461091f80b01 2835 openssh_7.1p2-2.dsc
be0589087e6db39d5b73a2cae4a52bc3d54ea809 148584 openssh_7.1p2-2.debian.tar.xz
Checksums-Sha256:
5d2c30d7862d863b93629466f63182164e8df07d75d89989a83b3f8c3a4e61ea 2835
openssh_7.1p2-2.dsc
601211c89b93d95e3f63353d67e18aaf2142ad789873af7a992544cd4acd46f4 148584
openssh_7.1p2-2.debian.tar.xz
Files:
104f221507e92b702632a0e2acc402b8 2835 net standard openssh_7.1p2-2.dsc
ccd355c361a9ada014bd41e7cb4560ef 148584 net standard
openssh_7.1p2-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwat...@debian.org> -- Debian developer
iQIVAwUBVpug3jk1h9l9hlALAQhoVw//cQiDDaV9BAirw3yKg/IcaNKff2hZpR8L
D+qgJTaQdwveIvmrUMizlXBL1NVETQONyupm7StK0khGBW3nvrk94qZ3tucHAPl/
9Y/WUH0aujmUxXGptwGzum9HmS8+ccTAh3hIWsYEtkL3gaAPTVnmf0XJ6SF/D6Ti
R48lpf6lbIAZD+XIS5Y3u5k1Xf4Js5ueepLl7zJ2X3i6Y97le925tCK4pR7jacCM
B+NeAbpOhm4WwHdnjcpkNiFSC/3ZrVc51rzxAOgLpSn2769cKcZzW5WzqR2oasP5
kWsHqr315UdTU9YtKxJ3R4X+YMTdDqZtW4ms9baxBd0FN3xOiuNTfb+2/0rokYlp
RIwz3v4ibwUuQoGNluzqyHsO4uD9bJxK5skoKL/pFZFWtMIxu7EfXB/sAwSnPIxc
DcqHESef8jUiZde+fCx5Oti+s7A3ckwSVE7vl0tdRD8RjjdvCVKtKUmHf1R4Y/iG
cDaEGfVPj+Dqj0fCIQIViW13hT60t8qUpJk5VbaY8ObVL5M6ibrfev3nytsITous
Ziy/yHAk2NTsxmZ5UdMhyNG8eXMEPMXMOSd5+WNq2vFB1Y4SFYsSxWewPjgzoUDC
jpK8yI7tpJtmoika2ehz1PaOyoBKVsczDu0dSoIfEjOhmUAQjXxmFQgZBV9cDAa+
ts9mq2C/2GI=
=C9AO
-----END PGP SIGNATURE-----
--- End Message ---
