Bug 1019222 - Re-enable elliptic curve cryptography (ecc) in openssh
Re-enable elliptic curve cryptography (ecc) in openssh
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
19
Unspecified Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On: 1023945
Blocks: ecc
  Show dependency treegraph
 
Reported: 2013-10-15 06:20 EDT by Scott Schmit
Modified: 2014-01-07 04:54 EST (History)
17 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1019216
: 1022904 (view as bug list)
Environment:
Last Closed: 2014-01-07 04:54:35 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to sshd-keygen to generate ECDSA keys (1.15 KB, patch)
2013-10-15 06:20 EDT, Scott Schmit
no flags Details | Diff

  None (edit)
Description Scott Schmit 2013-10-15 06:20:58 EDT
Created attachment 812415 [details]
Patch to sshd-keygen to generate ECDSA keys

Description of problem:
The current version of the openssh package does not support elliptic curve cryptography algorithms. Support is available upstream.

Version-Release number of selected component (if applicable):
openssh-6.2p2-5.fc19.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ssh-keygen -t ecdsa

Actual results:
ECC key generation works

Expected results:
ECC key generation does not work

Additional info:
openssl has now been allowed to re-enable ECC: Bug 319901

For the most part, openssh simply needs to be rebuilt against a version of openssl with ECC enabled, but there are currently a few other issues:
* Host key generation doesn't include generation of ecdsa keys
* openssh doesn't build with openssh-6.2p1-fips.patch and openssh-6.2p1-ctr-cavstest.patch

I don't mean to exclude other versions of Fedora, but F19 is what I use, and I'm not sure of the nss version in F18, etc.
Comment 1 Fedora Update System 2013-10-25 07:29:22 EDT
openssh-6.3p1-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openssh-6.3p1-3.fc20
Comment 2 lnie 2013-10-28 02:32:45 EDT
seems fine with openssh-6.3p1-3.fc20
Comment 3 Sergio Pascual 2013-10-28 08:14:48 EDT
Hostkey creation it's missing (see dependant bug)
Comment 4 Fedora Update System 2013-11-10 03:07:44 EST
openssh-6.3p1-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Scott Shambarger 2013-11-15 10:25:35 EST
Is it possible to get a build for F19? (as this bug is assigned to it :)
Comment 6 Fedora Update System 2013-11-18 08:30:48 EST
openssh-6.2p2-6.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openssh-6.2p2-6.fc19
Comment 7 Fedora Update System 2013-11-18 10:25:59 EST
openssh-6.1p1-10.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openssh-6.1p1-10.fc18
Comment 8 Fedora Update System 2013-11-19 00:27:28 EST
openssh-6.2p2-6.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Julio Merino 2013-11-26 09:50:59 EST
In f20, I was unable to SSH to NetBSD hosts due to their keys using ECDSA.  With this update, the problem is gone for me.
Comment 10 Fedora Update System 2013-12-08 21:03:20 EST
openssh-6.1p1-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.