Upgrading from ssh to openssh (1.2pre12)...

Michael H. Warfield mhw at wittsend.com
Tue Nov 16 03:32:48 EST 1999

On Mon, Nov 15, 1999 at 10:11:49AM -0500, Niels Provos wrote:
> In message <19991115105530.D12683 at alcove.wittsend.com>, "Michael H. Warfield" w
> rites:
> >Nov 15 10:45:38 alcove sshd[21731]: fatal: cipher_set_key: unknown cipher: 1
> We do not use IDEA in OpenSSH anymore, it is patented in most
> countries.  Your private key is encrypted with it, change the
> passphrase with the old ssh to nothing, then change the passphrase with
> OpenSSH to someting new, that should get you going along.

	Actually, it's not necessary to go to quite that much trouble.
The key to the problem was in a remark I saw in Tatu's ChangeLog around
1.8 about the key format change.  You merely have to run the 1.2.27
ssh-keygen program with the -u option to update the encryption from
idea to 3des.  Tatu recognized the problem a long time ago, changed the
default encryption, and added the -u option.  I've just got a lot of
servers that do go back that far and have host keys (which don't have
passwords anyways, BTW) which are still encrypted with idea.  I've
just got to march through the lot with a script to make sure they are
all up to date before I update ssh.  Some of them would result in a loss
of ability to update them (gee, I updated ssh and can no longer access
that server on that other country).

> Niels.

 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

More information about the openssh-unix-dev mailing list