Bug#928684: [Pkg-privacy-maintainers] Bug#928684: monkeysphere-host import-key broken due to ssh-keygen change

Fri, 10 May 2019 00:33:44 -0700 

On Wed, May 08, 2019 at 06:17:03PM -0400, Daniel Kahn Gillmor wrote:
> As a workaround, if you don't care about the existing RSA hostkey on
> your server, you can just re-generate it with:
> 
>      rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
>      ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key

Thanks for the advice. unfortunately, this does not work:

     root@server:~# rm -f /etc/ssh/ssh_host_rsa_key 
/etc/ssh/ssh_host_rsa_key.pub
     root@server:~# ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
     Generating public/private rsa key pair.
     Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
     Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
     The key fingerprint is:
     SHA256:sA2Y6dG8QqCZQ3yfimLSjpSTPzZ7bq+UMmZmpyBc0tM root@server
     The key's randomart image is:
     +---[RSA 2048]----+
     |...              |
     |.= o *           |
     |= . B *          |
     | ..o.+ *         |
     | o+++Eo S        |
     |+B+....          |
     |*=oB +           |
     |o B=*o           |
     |  .oBoo.         |
     +----[SHA256]-----+
     root@server:~# grep ^----- /etc/ssh/ssh_host_*_key
     /etc/ssh/ssh_host_ecdsa_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ecdsa_key:-----END OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ed25519_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ed25519_key:-----END OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_rsa_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_rsa_key:-----END OPENSSH PRIVATE KEY-----
     root@server:~#

with, consequently, the same error:

     root@server:~# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key 
ssh://server.example.com
     RSA.xs:194: OpenSSL error: no start line at /usr/bin/pem2openpgp line 
1106, <STDIN> line 1.
     gpg: no valid OpenPGP data found.
     root@server:~#

I'm afraid I lack the knowledge to really try and do anything else you
suggested, but I will certainly keep on trying to implement any
suggested fixes :)

Thanks again for all the hard work in maintaining and providing this
extremely useful package,

       -- Andrei

-- 
Andrei Morgan MRCPCH, MSc, PhD (Epidemiology / Neonatology)
https://www.andreimorgan.net/info/contact

Attachment: signature.asc
Description: PGP signature

Reply via email to