Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ssh-keygen missing rsa [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
CaptainBlood
Veteran
Veteran


Joined: 24 Jan 2010
Posts: 1428

PostPosted: Sun Jul 28, 2019 6:43 pm    Post subject: ssh-keygen missing rsa [solved] Reply with quote

Code:
equery u openssh
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/openssh-7.9_p1-r4:
 U I
 - - X        : Add support for X11
 - - X509     : Adds support for X.509 certificate authentication
 - - audit    : Enable support for Linux audit subsystem using sys-process/audit
 - - bindist  : Disable EC/RC5 algorithms in OpenSSL for patent reasons.
 - - debug    : Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
 - - hpn      : Enable high performance ssh
 - - kerberos : Add kerberos support
 - - ldns     : Use LDNS for DNSSEC/SSHFP validation.
 - - libedit  : Use the libedit library (replacement for readline)
 - - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
 - - livecd   : Enable root password logins for live-cd environment.
 + + pam      : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
 - - pie      : Build programs as Position Independent Executables (a security hardening technique)
 - - sctp     : Support for Stream Control Transmission Protocol
 - - ssl      : Enable additional crypto algorithms via OpenSSL
 - - static   : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
 - - test     : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
Code:
user@amd64 ~ $ ssh-keygen -t rsa
unknown key type rsa
What's missing there?
Thks 4 ur attention.


Last edited by CaptainBlood on Sun Jul 28, 2019 10:59 pm; edited 1 time in total
Back to top
View user's profile Send private message
mike155
Veteran
Veteran


Joined: 17 Sep 2010
Posts: 1959
Location: Frankfurt, Germany

PostPosted: Sun Jul 28, 2019 7:18 pm    Post subject: Reply with quote

Quote:
What's missing there?

USE="ssl"
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18335

PostPosted: Sun Jul 28, 2019 7:46 pm    Post subject: Reply with quote

You may want to make it a habit to read and make note of information provided by the ebuilds.

It appears that the openssh ebuild provides a notice about this:
Code:
       if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
                elog "Be aware that by disabling openssl support in openssh, the server and clients"
                elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
                elog "and update all clients/servers that utilize them."

_________________
Don't even pause and ask them why. Turn around and say goodbye.
Back to top
View user's profile Send private message
CaptainBlood
Veteran
Veteran


Joined: 24 Jan 2010
Posts: 1428

PostPosted: Sun Jul 28, 2019 10:58 pm    Post subject: Reply with quote

Thanks mike155.
Back to top
View user's profile Send private message
CaptainBlood
Veteran
Veteran


Joined: 24 Jan 2010
Posts: 1428

PostPosted: Sun Jul 28, 2019 11:18 pm    Post subject: Reply with quote

pjp wrote:
You may want to make it a habit to read and make note of information provided by the ebuilds.

It appears that the openssh ebuild provides a notice about this:
Code:
       if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
                elog "Be aware that by disabling openssl support in openssh, the server and clients"
                elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
                elog "and update all clients/servers that utilize them."
Complementarily, ebuild system could provide a more explicit information 'equery use' message in this regard:
Code:

[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/openssh-7.9_p1-r4:
 U I
 - - ssl      : Enable additional crypto algorithms via OpenSSL
vs
Code:

[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/openssh-7.9_p1-r4:
 U I
 - - ssl      : Enable dss/rsa/ecdsa crypto algorithms via OpenSSL


Thks 4 ur attention, interest & support
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum