Red Hat Bugzilla – Bug 1019222
Re-enable elliptic curve cryptography (ecc) in openssh
Last modified: 2014-01-07 04:54:35 EST
Created attachment 812415
Patch to sshd-keygen to generate ECDSA keys
Description of problem:
The current version of the openssh package does not support elliptic curve cryptography algorithms. Support is available upstream.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ssh-keygen -t ecdsa
ECC key generation works
ECC key generation does not work
openssl has now been allowed to re-enable ECC: Bug 319901
For the most part, openssh simply needs to be rebuilt against a version of openssl with ECC enabled, but there are currently a few other issues:
* Host key generation doesn't include generation of ecdsa keys
* openssh doesn't build with openssh-6.2p1-fips.patch and openssh-6.2p1-ctr-cavstest.patch
I don't mean to exclude other versions of Fedora, but F19 is what I use, and I'm not sure of the nss version in F18, etc.
openssh-6.3p1-3.fc20 has been submitted as an update for Fedora 20.
Seems fine with openssh-6.3p1-3.fc20.
Hostkey creation is missing (see dependent bug).
openssh-6.3p1-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Is it possible to get a build for F19? (as this bug is assigned to it :)
openssh-6.2p2-6.fc19 has been submitted as an update for Fedora 19.
openssh-6.1p1-10.fc18 has been submitted as an update for Fedora 18.
openssh-6.2p2-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
In f20, I was unable to SSH to NetBSD hosts due to their keys using ECDSA. With this update, the problem is gone for me.
openssh-6.1p1-10.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.