What did I miss when building openssh? cannot generate ecdsa key

mancha mancha1 at zoho.com
Thu Apr 2 09:22:46 AEDT 2015


On Wed, Apr 01, 2015 at 09:53:13PM +0000, Scott Neugroschl wrote:
> I think that you're right about the OpenSSL.  ISTR that ECC didn't
> appear until the 1.0.0 series.
> 
> -----Original Message----- From: openssh-unix-dev
> [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On
> Behalf Of Michael Felt Sent: Wednesday, April 01, 2015 2:45 PM To:
> OpenSSH Devel List Subject: What did I miss when building openssh?
> cannot generate ecdsa key
> 
> I am assuming this is a user error (and the bug, if any is in
> configure not telling me how to activate it).
> 
> I regularly see a message: Could not load host key:
> /etc/ssh/ssh_host_ecdsa_key
> 
> And, obviously, I have never made the key before.
> 
> I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N
> "" unknown key type ecdsa
> 
> However, the syntax says it is a known type
> 
> root at x064:[/data/prj/openbsd/openssh/openssh-6.8p1]./ssh-keygen -?
> unknown option -- ?  usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa
> | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f
> output_keyfile] ...
> 
> What did I miss?
> 
> regards, Michael Felt
> 
> p.s. make check|tests - they all passed.
> 
> p.p.s. - this is built against an ancient openssl, so maybe the
> problem is there.  OpenSSH_6.8p1, OpenSSL 0.9.8k 25 Mar 2009
> 
> And, yes - I know I newer openssl is much better, but this is taking a
> system where it is at - i.e., I assume openssl is not yet upgraded.
> will be trying against openssl-1.something tomorrow.

Actually, you should be OK with OpenSSL 0.9.8 (as long as it's post
0.9.8f, iirc).

Try compiling and running the attached.

--mancha
-------------- next part --------------
/* gcc -o ecc ecc.c -lcrypto -lssl */

#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/opensslv.h>

int main ()
{
  EC_KEY *ecdh = NULL;
  const EVP_MD *md;

  ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
  ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);

  md = EVP_sha256();
  md = EVP_sha384();
  md = EVP_sha512();

  return 0;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150401/bab601e5/attachment.bin>


More information about the openssh-unix-dev mailing list